eslint-6.8.0.tgz: 1 vulnerabilities (highest severity is: 2.5) #1544
Description
Vulnerable Library - eslint-6.8.0.tgz
Path to dependency file: /packages/eslint-plugin/package.json
Path to vulnerable library: /package.json,/packages/eslint-plugin/node_modules/tmp/package.json
Vulnerabilities
| Vulnerability | Severity |  CVSS |
Dependency | Type | Fixed in (eslint version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2025-54798 |  Low |
2.5 | tmp-0.0.33.tgz | Transitive | N/A* | ❌ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2025-54798
Vulnerable Library - tmp-0.0.33.tgz
Temporary file and directory creator
Library home page: https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json,/packages/eslint-plugin/node_modules/tmp/package.json
Dependency Hierarchy:
- eslint-6.8.0.tgz (Root Library)
- inquirer-7.3.3.tgz
- external-editor-3.1.0.tgz
- ❌ tmp-0.0.33.tgz (Vulnerable Library)
- external-editor-3.1.0.tgz
- inquirer-7.3.3.tgz
Found in base branch: main
Vulnerability Details
tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.
Publish Date: 2025-08-07
URL: CVE-2025-54798
CVSS 3 Score Details (2.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None