Node Tmp
Path traversal in node-tmp 0.2.6 allows remote attackers to create files or directories outside the temp directory by supplying non-string `prefix`, `postfix`, or `template` values (arrays, Buffers, or objects) whose `includes('..')` check returns falsy but whose string coercion contains `../`. The 0.2.6 `_assertPath` guard checks only strings, so JSON body fields or `qs`-parsed bracket arrays such as `?prefix[]=..` bypass it and write at attacker-controlled paths with host-process privileges. No public exploit identified at time of analysis, but the bypass pattern is trivial and the library is widely used in Node.js applications.