CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Vulnerability Details : CVE-2017-16024

The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists.
Publish Date : 2018-06-04 Last Update Date : 2019-10-09
Collapse All   Expand All   Select   Select&Copy  
Search Twitter   Search YouTube   Search Google

- CVSS Scores & Vulnerability Types

CVSS Score
4.0
Confidentiality Impact Partial (There is considerable informational disclosure.)
Integrity Impact None (There is no impact to the integrity of the system)
Availability Impact None (There is no impact to the availability of the system.)
Access Complexity Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication Single system (The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface).)
Gained Access None
Vulnerability Type(s) Obtain Information
CWE ID 200

- Products Affected By CVE-2017-16024

# Product Type Vendor Product Version Update Edition Language
1 Application Nodejs Node.js 0.0.1 Version Details Vulnerabilities
2 Application Nodejs Node.js 0.0.2 Version Details Vulnerabilities
3 Application Nodejs Node.js 0.0.3 Version Details Vulnerabilities
4 Application Nodejs Node.js 0.0.4 Version Details Vulnerabilities
5 Application Nodejs Node.js 0.0.5 Version Details Vulnerabilities
6 Application Nodejs Node.js 0.0.6 Version Details Vulnerabilities
7 Application Nodejs Node.js 0.1.0 Version Details Vulnerabilities
8 Application Nodejs Node.js 0.1.1 Version Details Vulnerabilities
9 Application Nodejs Node.js 0.1.2 Version Details Vulnerabilities
10 Application Nodejs Node.js 0.1.3 Version Details Vulnerabilities
11 Application Nodejs Node.js 0.1.4 Version Details Vulnerabilities
12 Application Nodejs Node.js 0.1.5 Version Details Vulnerabilities
13 Application Nodejs Node.js 0.1.6 Version Details Vulnerabilities
14 Application Nodejs Node.js 0.1.7 Version Details Vulnerabilities
15 Application Nodejs Node.js 0.1.8 Version Details Vulnerabilities
16 Application Nodejs Node.js 0.1.9 Version Details Vulnerabilities
17 Application Nodejs Node.js 0.1.10 Version Details Vulnerabilities
18 Application Nodejs Node.js 0.1.11 Version Details Vulnerabilities
19 Application Nodejs Node.js 0.1.12 Version Details Vulnerabilities
20 Application Nodejs Node.js 0.1.13 Version Details Vulnerabilities
21 Application Nodejs Node.js 0.1.14 Version Details Vulnerabilities
22 Application Nodejs Node.js 0.1.15 Version Details Vulnerabilities
23 Application Nodejs Node.js 0.1.16 Version Details Vulnerabilities
24 Application Nodejs Node.js 0.1.17 Version Details Vulnerabilities
25 Application Nodejs Node.js 0.1.18 Version Details Vulnerabilities
26 Application Nodejs Node.js 0.1.19 Version Details Vulnerabilities
27 Application Nodejs Node.js 0.1.20 Version Details Vulnerabilities
28 Application Nodejs Node.js 0.1.21 Version Details Vulnerabilities
29 Application Nodejs Node.js 0.1.22 Version Details Vulnerabilities
30 Application Nodejs Node.js 0.1.23 Version Details Vulnerabilities
31 Application Nodejs Node.js 0.1.24 Version Details Vulnerabilities
32 Application Nodejs Node.js 0.1.25 Version Details Vulnerabilities
33 Application Nodejs Node.js 0.1.26 Version Details Vulnerabilities
34 Application Nodejs Node.js 0.1.27 Version Details Vulnerabilities
35 Application Nodejs Node.js 0.1.28 Version Details Vulnerabilities
36 Application Nodejs Node.js 0.1.29 Version Details Vulnerabilities
37 Application Nodejs Node.js 0.1.30 Version Details Vulnerabilities
38 Application Nodejs Node.js 0.1.31 Version Details Vulnerabilities
39 Application Nodejs Node.js 0.1.32 Version Details Vulnerabilities
40 Application Nodejs Node.js 0.1.33 Version Details Vulnerabilities
41 Application Nodejs Node.js 0.1.90 Version Details Vulnerabilities
42 Application Nodejs Node.js 0.1.91 Version Details Vulnerabilities
43 Application Nodejs Node.js 0.1.92 Version Details Vulnerabilities
44 Application Nodejs Node.js 0.1.93 Version Details Vulnerabilities
45 Application Nodejs Node.js 0.1.94 Version Details Vulnerabilities
46 Application Nodejs Node.js 0.1.95 Version Details Vulnerabilities
47 Application Nodejs Node.js 0.1.96 Version Details Vulnerabilities
48 Application Nodejs Node.js 0.1.97 Version Details Vulnerabilities
49 Application Nodejs Node.js 0.1.98 Version Details Vulnerabilities
50 Application Nodejs Node.js 0.1.99 Version Details Vulnerabilities
51 Application Nodejs Node.js 0.1.100 Version Details Vulnerabilities
52 Application Nodejs Node.js 0.1.101 Version Details Vulnerabilities
53 Application Nodejs Node.js 0.1.102 Version Details Vulnerabilities
54 Application Nodejs Node.js 0.1.103 Version Details Vulnerabilities
55 Application Nodejs Node.js 0.1.104 Version Details Vulnerabilities
56 Application Nodejs Node.js 0.2.0 Version Details Vulnerabilities
57 Application Nodejs Node.js 0.2.1 Version Details Vulnerabilities
58 Application Nodejs Node.js 0.2.2 Version Details Vulnerabilities
59 Application Nodejs Node.js 0.2.3 Version Details Vulnerabilities
60 Application Nodejs Node.js 0.2.4 Version Details Vulnerabilities
61 Application Nodejs Node.js 0.2.5 Version Details Vulnerabilities
62 Application Nodejs Node.js 0.2.6 Version Details Vulnerabilities
63 Application Nodejs Node.js 0.3.0 Version Details Vulnerabilities
64 Application Nodejs Node.js 0.3.1 Version Details Vulnerabilities
65 Application Nodejs Node.js 0.3.2 Version Details Vulnerabilities
66 Application Nodejs Node.js 0.3.3 Version Details Vulnerabilities
67 Application Nodejs Node.js 0.3.4 Version Details Vulnerabilities
68 Application Nodejs Node.js 0.3.5 Version Details Vulnerabilities
69 Application Nodejs Node.js 0.3.6 Version Details Vulnerabilities
70 Application Nodejs Node.js 0.3.7 Version Details Vulnerabilities
71 Application Nodejs Node.js 0.3.8 Version Details Vulnerabilities
72 Application Nodejs Node.js 0.4.0 Version Details Vulnerabilities
73 Application Nodejs Node.js 0.4.1 Version Details Vulnerabilities
74 Application Nodejs Node.js 0.4.2 Version Details Vulnerabilities
75 Application Nodejs Node.js 0.4.3 Version Details Vulnerabilities
76 Application Nodejs Node.js 0.4.4 Version Details Vulnerabilities
77 Application Nodejs Node.js 0.4.5 Version Details Vulnerabilities
78 Application Nodejs Node.js 0.4.6 Version Details Vulnerabilities
79 Application Nodejs Node.js 0.4.7 Version Details Vulnerabilities
80 Application Nodejs Node.js 0.4.8 Version Details Vulnerabilities
81 Application Nodejs Node.js 0.4.9 Version Details Vulnerabilities
82 Application Nodejs Node.js 0.4.10 Version Details Vulnerabilities
83 Application Nodejs Node.js 0.4.11 Version Details Vulnerabilities
84 Application Nodejs Node.js 0.4.12 Version Details Vulnerabilities
85 Application Nodejs Node.js 0.5.0 Version Details Vulnerabilities
86 Application Nodejs Node.js 0.5.1 Version Details Vulnerabilities
87 Application Nodejs Node.js 0.5.2 Version Details Vulnerabilities
88 Application Nodejs Node.js 0.5.3 Version Details Vulnerabilities
89 Application Nodejs Node.js 0.5.4 Version Details Vulnerabilities
90 Application Nodejs Node.js 0.5.5 Version Details Vulnerabilities
91 Application Nodejs Node.js 0.5.5 RC1 Version Details Vulnerabilities
92 Application Nodejs Node.js 0.5.6 Version Details Vulnerabilities
93 Application Nodejs Node.js 0.5.7 Version Details Vulnerabilities
94 Application Nodejs Node.js 0.5.8 Version Details Vulnerabilities
95 Application Nodejs Node.js 0.5.9 Version Details Vulnerabilities
96 Application Nodejs Node.js 0.5.10 Version Details Vulnerabilities
97 Application Nodejs Node.js 0.6.0 Version Details Vulnerabilities
98 Application Nodejs Node.js 0.6.1 Version Details Vulnerabilities
99 Application Nodejs Node.js 0.6.2 Version Details Vulnerabilities
100 Application Nodejs Node.js 0.6.3 Version Details Vulnerabilities
101 Application Nodejs Node.js 0.6.4 Version Details Vulnerabilities
102 Application Nodejs Node.js 0.6.5 Version Details Vulnerabilities
103 Application Nodejs Node.js 0.6.6 Version Details Vulnerabilities
104 Application Nodejs Node.js 0.6.7 Version Details Vulnerabilities
105 Application Nodejs Node.js 0.6.8 Version Details Vulnerabilities
106 Application Nodejs Node.js 0.6.9 Version Details Vulnerabilities
107 Application Nodejs Node.js 0.6.10 Version Details Vulnerabilities
108 Application Nodejs Node.js 0.6.11 Version Details Vulnerabilities
109 Application Nodejs Node.js 0.6.12 Version Details Vulnerabilities
110 Application Nodejs Node.js 0.6.13 Version Details Vulnerabilities
111 Application Nodejs Node.js 0.6.14 Version Details Vulnerabilities
112 Application Nodejs Node.js 0.6.15 Version Details Vulnerabilities
113 Application Nodejs Node.js 0.6.16 Version Details Vulnerabilities
114 Application Nodejs Node.js 0.6.17 Version Details Vulnerabilities
115 Application Nodejs Node.js 0.6.18 Version Details Vulnerabilities
116 Application Nodejs Node.js 0.6.19 Version Details Vulnerabilities
117 Application Nodejs Node.js 0.6.20 Version Details Vulnerabilities
118 Application Nodejs Node.js 0.6.21 Version Details Vulnerabilities
119 Application Nodejs Node.js 0.7.0 Version Details Vulnerabilities
120 Application Nodejs Node.js 0.7.1 Version Details Vulnerabilities
121 Application Nodejs Node.js 0.7.2 Version Details Vulnerabilities
122 Application Nodejs Node.js 0.7.3 Version Details Vulnerabilities
123 Application Nodejs Node.js 0.7.4 Version Details Vulnerabilities
124 Application Nodejs Node.js 0.7.5 Version Details Vulnerabilities
125 Application Nodejs Node.js 0.7.6 Version Details Vulnerabilities
126 Application Nodejs Node.js 0.7.7 Version Details Vulnerabilities
127 Application Nodejs Node.js 0.7.8 Version Details Vulnerabilities
128 Application Nodejs Node.js 0.7.9 Version Details Vulnerabilities
129 Application Nodejs Node.js 0.7.10 Version Details Vulnerabilities
130 Application Nodejs Node.js 0.7.11 Version Details Vulnerabilities
131 Application Nodejs Node.js 0.7.12 Version Details Vulnerabilities
132 Application Nodejs Node.js 0.8.0 Version Details Vulnerabilities
133 Application Nodejs Node.js 0.8.1 Version Details Vulnerabilities
134 Application Nodejs Node.js 0.8.2 Version Details Vulnerabilities
135 Application Nodejs Node.js 0.8.3 Version Details Vulnerabilities
136 Application Nodejs Node.js 0.8.4 Version Details Vulnerabilities
137 Application Nodejs Node.js 0.8.5 Version Details Vulnerabilities
138 Application Nodejs Node.js 0.8.6 Version Details Vulnerabilities
139 Application Nodejs Node.js 0.8.7 Version Details Vulnerabilities
140 Application Nodejs Node.js 0.8.8 Version Details Vulnerabilities
141 Application Nodejs Node.js 0.8.9 Version Details Vulnerabilities
142 Application Nodejs Node.js 0.8.10 Version Details Vulnerabilities
143 Application Nodejs Node.js 0.8.11 Version Details Vulnerabilities
144 Application Nodejs Node.js 0.8.12 Version Details Vulnerabilities
145 Application Nodejs Node.js 0.8.13 Version Details Vulnerabilities
146 Application Nodejs Node.js 0.8.14 Version Details Vulnerabilities
147 Application Nodejs Node.js 0.8.15 Version Details Vulnerabilities
148 Application Nodejs Node.js 0.8.16 Version Details Vulnerabilities
149 Application Nodejs Node.js 0.8.17 Version Details Vulnerabilities
150 Application Nodejs Node.js 0.8.18 Version Details Vulnerabilities
151 Application Nodejs Node.js 0.8.19 Version Details Vulnerabilities
152 Application Nodejs Node.js 0.8.20 Version Details Vulnerabilities
153 Application Nodejs Node.js 0.8.21 Version Details Vulnerabilities
154 Application Nodejs Node.js 0.8.22 Version Details Vulnerabilities
155 Application Nodejs Node.js 0.8.23 Version Details Vulnerabilities
156 Application Nodejs Node.js 0.8.24 Version Details Vulnerabilities
157 Application Nodejs Node.js 0.8.25 Version Details Vulnerabilities
158 Application Nodejs Node.js 0.8.26 Version Details Vulnerabilities
159 Application Nodejs Node.js 0.8.27 Version Details Vulnerabilities
160 Application Nodejs Node.js 0.8.28 Version Details Vulnerabilities
161 Application Nodejs Node.js 0.9.0 Version Details Vulnerabilities
162 Application Nodejs Node.js 0.9.1 Version Details Vulnerabilities
163 Application Nodejs Node.js 0.9.2 Version Details Vulnerabilities
164 Application Nodejs Node.js 0.9.3 Version Details Vulnerabilities
165 Application Nodejs Node.js 0.9.4 Version Details Vulnerabilities
166 Application Nodejs Node.js 0.9.5 Version Details Vulnerabilities
167 Application Nodejs Node.js 0.9.6 Version Details Vulnerabilities
168 Application Nodejs Node.js 0.9.7 Version Details Vulnerabilities
169 Application Nodejs Node.js 0.9.8 Version Details Vulnerabilities
170 Application Nodejs Node.js 0.9.9 Version Details Vulnerabilities
171 Application Nodejs Node.js 0.9.10 Version Details Vulnerabilities
172 Application Nodejs Node.js 0.9.11 Version Details Vulnerabilities
173 Application Nodejs Node.js 0.9.12 Version Details Vulnerabilities
174 Application Nodejs Node.js 0.10.0 Version Details Vulnerabilities
175 Application Nodejs Node.js 0.10.1 Version Details Vulnerabilities
176 Application Nodejs Node.js 0.10.2 Version Details Vulnerabilities
177 Application Nodejs Node.js 0.10.3 Version Details Vulnerabilities
178 Application Nodejs Node.js 0.10.4 Version Details Vulnerabilities
179 Application Nodejs Node.js 0.10.5 Version Details Vulnerabilities
180 Application Nodejs Node.js 0.10.6 Version Details Vulnerabilities
181 Application Nodejs Node.js 0.10.7 Version Details Vulnerabilities
182 Application Nodejs Node.js 0.10.8 Version Details Vulnerabilities
183 Application Nodejs Node.js 0.10.9 Version Details Vulnerabilities
184 Application Nodejs Node.js 0.10.10 Version Details Vulnerabilities
185 Application Nodejs Node.js 0.10.11 Version Details Vulnerabilities
186 Application Nodejs Node.js 0.10.12 Version Details Vulnerabilities
187 Application Nodejs Node.js 0.10.13 Version Details Vulnerabilities
188 Application Nodejs Node.js 0.10.14 Version Details Vulnerabilities
189 Application Nodejs Node.js 0.10.15 Version Details Vulnerabilities
190 Application Nodejs Node.js 0.10.16 Version Details Vulnerabilities
191 Application Nodejs Node.js 0.10.16-isaacs-manual Version Details Vulnerabilities
192 Application Nodejs Node.js 0.10.17 Version Details Vulnerabilities
193 Application Nodejs Node.js 0.10.18 Version Details Vulnerabilities
194 Application Nodejs Node.js 0.10.19 Version Details Vulnerabilities
195 Application Nodejs Node.js 0.10.20 Version Details Vulnerabilities
196 Application Nodejs Node.js 0.10.21 Version Details Vulnerabilities
197 Application Nodejs Node.js 0.10.22 Version Details Vulnerabilities
198 Application Nodejs Node.js 0.10.23 Version Details Vulnerabilities
199 Application Nodejs Node.js 0.10.24 Version Details Vulnerabilities
200 Application Nodejs Node.js 0.10.25 Version Details Vulnerabilities
201 Application Nodejs Node.js 0.10.26 Version Details Vulnerabilities
202 Application Nodejs Node.js 0.10.27 Version Details Vulnerabilities
203 Application Nodejs Node.js 0.10.28 Version Details Vulnerabilities
204 Application Nodejs Node.js 0.10.29 Version Details Vulnerabilities
205 Application Nodejs Node.js 0.10.30 Version Details Vulnerabilities
206 Application Nodejs Node.js 0.10.31 Version Details Vulnerabilities
207 Application Nodejs Node.js 0.10.32 Version Details Vulnerabilities
208 Application Nodejs Node.js 0.10.33 Version Details Vulnerabilities
209 Application Nodejs Node.js 0.10.34 Version Details Vulnerabilities
210 Application Nodejs Node.js 0.10.35 Version Details Vulnerabilities
211 Application Nodejs Node.js 0.10.36 Version Details Vulnerabilities
212 Application Nodejs Node.js 0.10.37 Version Details Vulnerabilities
213 Application Nodejs Node.js 0.10.38 Version Details Vulnerabilities
214 Application Nodejs Node.js 0.10.39 Version Details Vulnerabilities
215 Application Nodejs Node.js 0.10.40 Version Details Vulnerabilities
216 Application Nodejs Node.js 0.10.41 Version Details Vulnerabilities
217 Application Nodejs Node.js 0.10.41 RC1 Version Details Vulnerabilities
218 Application Nodejs Node.js 0.10.42 Version Details Vulnerabilities
219 Application Nodejs Node.js 0.10.43 Version Details Vulnerabilities
220 Application Nodejs Node.js 0.10.44 Version Details Vulnerabilities
221 Application Nodejs Node.js 0.10.45 Version Details Vulnerabilities
222 Application Nodejs Node.js 0.10.46 Version Details Vulnerabilities
223 Application Nodejs Node.js 0.10.47 Version Details Vulnerabilities
224 Application Nodejs Node.js 0.10.48 Version Details Vulnerabilities
225 Application Nodejs Node.js 0.11.0 Version Details Vulnerabilities
226 Application Nodejs Node.js 0.11.1 Version Details Vulnerabilities
227 Application Nodejs Node.js 0.11.2 Version Details Vulnerabilities
228 Application Nodejs Node.js 0.11.3 Version Details Vulnerabilities
229 Application Nodejs Node.js 0.11.4 Version Details Vulnerabilities
230 Application Nodejs Node.js 0.11.5 Version Details Vulnerabilities
231 Application Nodejs Node.js 0.11.6 Version Details Vulnerabilities
232 Application Nodejs Node.js 0.11.7 Version Details Vulnerabilities
233 Application Nodejs Node.js 0.11.8 Version Details Vulnerabilities
234 Application Sync-exec Project Sync-exec 0.6.2 ~~~node.js~~ Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Nodejs Node.js 233
Sync-exec Project Sync-exec 1

- References For CVE-2017-16024

https://nodesecurity.io/advisories/310
https://cwe.mitre.org/data/definitions/377.html
https://github.com/gvarsanyi/sync-exec/issues/17
https://www.owasp.org/index.php/Insecure_Temporary_File

- Metasploit Modules Related To CVE-2017-16024

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.