Skip to content

[🐸 Frogbot] Update version of tmp to 0.2.4#537

Open
github-actions[bot] wants to merge 1 commit into
masterfrom
frogbot-tmp-567703c20354632d6c7733a97a0690b4
Open

[🐸 Frogbot] Update version of tmp to 0.2.4#537
github-actions[bot] wants to merge 1 commit into
masterfrom
frogbot-tmp-567703c20354632d6c7733a97a0690b4

Conversation

@github-actions

Copy link
Copy Markdown
Contributor

🚨 This automated pull request was created by Frogbot and fixes the below:

📦 Vulnerable Dependencies

Severity ID Contextual Analysis Direct Dependencies Impacted Dependency Fixed Versions
low
Low
CVE-2025-54798 Not Covered tmp:0.2.3
@vscode/vsce:2.24.0
ovsx:0.8.4
tmp 0.2.3 [0.2.4]

🔖 Details

Vulnerability Details

Contextual Analysis: Not Covered
Direct Dependencies: tmp:0.2.3, @vscode/vsce:2.24.0, ovsx:0.8.4
Impacted Dependency: tmp:0.2.3
Fixed Versions: [0.2.4]
CVSS V3: 2.5

tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant