KARASZI István

1 exploit Active since Aug 2025
CVE-2025-54798 WRITEUP LOW WRITEUP
raszi/tmp < 0.2.4 - Arbitrary File Write via Symbolic Link
tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.
CVSS 2.5