{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38010?format=json","vulnerability_id":"VCID-ydbd-973n-fkaa","summary":"Tmp files readable by other users\nThe sync-exec module is used to simulate child_process.execSync in node. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file while it exists.","aliases":[{"alias":"GMS-2016-9"}],"fixed_packages":[],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52494?format=json","purl":"pkg:npm/sync-exec@0.0.0-alpha","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ydbd-973n-fkaa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sync-exec@0.0.0-alpha"},{"url":"http://public2.vulnerablecode.io/api/packages/202895?format=json","purl":"pkg:npm/sync-exec@0.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49xf-215m-9ub5"},{"vulnerability":"VCID-ydbd-973n-fkaa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sync-exec@0.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/202896?format=json","purl":"pkg:npm/sync-exec@0.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49xf-215m-9ub5"},{"vulnerability":"VCID-ydbd-973n-fkaa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sync-exec@0.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/202897?format=json","purl":"pkg:npm/sync-exec@0.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49xf-215m-9ub5"},{"vulnerability":"VCID-ydbd-973n-fkaa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sync-exec@0.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/202898?format=json","purl":"pkg:npm/sync-exec@0.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"v
ulnerability":"VCID-49xf-215m-9ub5"},{"vulnerability":"VCID-ydbd-973n-fkaa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sync-exec@0.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/202899?format=json","purl":"pkg:npm/sync-exec@0.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49xf-215m-9ub5"},{"vulnerability":"VCID-ydbd-973n-fkaa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sync-exec@0.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/202900?format=json","purl":"pkg:npm/sync-exec@0.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49xf-215m-9ub5"},{"vulnerability":"VCID-ydbd-973n-fkaa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sync-exec@0.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/202901?format=json","purl":"pkg:npm/sync-exec@0.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49xf-215m-9ub5"},{"vulnerability":"VCID-ydbd-973n-fkaa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sync-exec@0.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/55570?format=json","purl":"pkg:npm/sync-exec@0.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49xf-215m-9ub5"},{"vulnerability":"VCID-ydbd-973n-fkaa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sync-exec@0.6.2"}],"references":[{"reference_url":"https://github.com/gvarsanyi/sync-exec/issues/17","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/gvarsanyi/sync-exec/issues/17"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in 
this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.0","risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ydbd-973n-fkaa"}