The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Creation of Temporary File in Directory with Insecure Permissions vulnerabilities in an interactive lesson.
Start learningThere is no fixed version for pkg
.
pkg is a command line interface that enables packaging a Node.js project into an executable
Affected versions of this package are vulnerable to Creation of Temporary File in Directory with Insecure Permissions in /tmp/pkg/
, which is the hardcoded location for all included packages. A user with write access to that shared directory can replace packages and have them unknowingly executed by other users.
Note: pkg
is deprecated so no fix is expected for this issue. However, the maintainers "recommend investigating Node.js 21’s support for single executable applications".