CVE-2017-18869
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2017-18869
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Joyent Node.js chownr package 竞争条件问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Joyent Node.js是美国Joyent公司的一套建立在Google V8 JavaScript引擎之上的网络应用平台。该平台主要用于构建高度可伸缩的应用程序,以及编写能够处理数万条且同时连接到一个物理机的连接代码。chownr package是其中的一个文件所有权管理软件包。 Joyent Node.js 10.10版本中的chownr package 1.1.0之前版本中存在竞争条件问题漏洞。该漏洞源于网络系统或产品在运行过程中,并发代码需要互斥地访问共享资源时,对于并发访问的处理不当。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2017-18869
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2017-18869
Please Login to view more intelligence information
- https://bugzilla.redhat.com/show_bug.cgi?id=1611614x_refsource_MISC
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863985x_refsource_MISC
- https://github.com/isaacs/chownr/issues/14x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2017-18869
Same Patch Batch · n/a · 2020-06-15 · 81 CVEs total
| CVE-2020-9426 | Open-Xchange OX Guard 跨站脚本漏洞 | |
| CVE-2020-9075 | Huawei Secospace USG6300和USG6300E 信息泄露漏洞 | |
| CVE-2020-14152 | libjpeg 资源管理错误漏洞 | |
| CVE-2020-9076 | 多款Huawei产品授权问题漏洞 | |
| CVE-2020-3961 | VMware Horizon Client 安全漏洞 | |
| CVE-2020-1825 | Huawei FusionAccess 输入验证错误漏洞 | |
| CVE-2020-9427 | Open-Xchange OX Guard 代码问题漏洞 | |
| CVE-2020-14011 | Lansweeper 安全漏洞 | |
| CVE-2020-1813 | 华为 Huawei NIP6800和Huawei Secospace USG6600 授权问题漏洞 | |
| CVE-2018-16848 | OpenStack Mistral 资源管理错误漏洞 | |
| CVE-2020-14054 | Sokkia GNR5 SQL注入漏洞 | |
| CVE-2020-13150 | D-Link DSL-2750U 访问控制错误漏洞 | |
| CVE-2020-13999 | libEMF 输入验证错误漏洞 | |
| CVE-2020-14034 | Meetecho Janus 缓冲区错误漏洞 | |
| CVE-2020-14033 | Meetecho Janus 缓冲区错误漏洞 | |
| CVE-2018-21246 | Caddy 授权问题漏洞 | |
| CVE-2018-21245 | Apsis Pound 环境问题漏洞 | |
| CVE-2019-20838 | PCRE 缓冲区错误漏洞 | |
| CVE-2020-14154 | Mutt 安全漏洞 | |
| CVE-2020-14153 | libjpeg 缓冲区错误漏洞 |
Showing top 20 of 81 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-6667
PgBouncer missing authorization check in KILL_CLIENT admin c - CVE-2026-6666
PgBouncer crash in kill_pool_logins_server_error - CVE-2026-6665
PgBouncer buffer overflow in SCRAM - CVE-2026-6664
PgBouncer integer overflow in PgBouncer network packet parsi - CVE-2026-8127
eladmin Users API Endpoint UserController.java checkLevel ac
V. Comments for CVE-2017-18869
No comments yet