Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Update fstream to a secure version

See original GitHub issue

fstream has a vulnerability in versions lower than 1.0.12.

Remediation: Upgrade fstream to version 1.0.12 or later. For example:

fstream@^1.0.12:

  version "1.0.12"

WS-2019-0100 Vulnerable versions: < 1.0.12 Patched version: 1.0.12 Versions of fstream prior to 1.0.12 are vulnerable to Arbitrary File Overwrite.

Issue Analytics

State:
Created 4 years ago
Reactions:29
Comments:5

Top GitHub Comments

2reactions

ZJONSSONcommented, Sep 11, 2019

A drop in replacement that is actively maintained can be found here: https://www.npmjs.com/package/unzipper

1reaction

divanishyncommented, Sep 23, 2019

@ZJONSSON @tanmayghosh2507 @TomasBarry thanks, unzipper works just fine!

Top Results From Across the Web

QID 981772: Nodejs (npm) Security Update for fstream (GHSA ...

Versions of `fstream` prior to 1.0.12 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists...

fstream-ignore - npm Package Health Analysis - Snyk

Learn more about fstream-ignore: package health score, popularity, security, maintenance, versions and more.

USN-4123-1: npm/fstream vulnerability | Ubuntu security notices

npm/fstream could be made to overwrite files. ... The problem can be corrected by updating your system to the following package versions: ...

C++ Files - W3Schools

#include <iostream> #include <fstream> using namespace std; int main() { // Create and open a text file ofstream MyFile("filename.txt");

Arbitrary File Overwrite in fstream - Vulners

n\nNon-security issue fixed :\n\n - Update to new upstream LTS version 10.16.0, including npm version 6.9.0 and openssl version 1.1.1b ...