Lucene search

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning

🗓️ 03 Aug 2021 19:40:00Reported by GitHub Advisory DatabaseType

Arbitrary file overwrite due to symlink vulnerabilit

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 138
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js affect IBM Integration Bus v10 (CVE-2021-32803)	24 Nov 202111:36	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to directory traversal due to CVE-2021-32803	20 Oct 202110:09	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability in Node.js tar module affects IBM Cloud Pak for Multicloud Management Managed Services	9 Nov 202118:30	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Dependency Vulnerability	15 May 202318:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	24 May 202218:37	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js	1 Oct 202106:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities	25 Oct 202115:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities	20 Apr 202214:01	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in React, webpack and Node.js modules affect Tivoli Netcool/OMNIbus WebGUI	6 Oct 202204:09	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Node.js affect IBM Cloud Pak System	16 Aug 202215:59	–	ibm

Vulners

Node

tar_project tarRange3.0.0–3.2.3

tar_project tarRange6.0.0–6.1.2

tar_project tarRange5.0.0–5.0.7

tar_project tarRange4.0.0–4.4.15

Source	Link
github	www.github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw
github	www.github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20
npmjs	www.npmjs.com/advisories/1771
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-32803
npmjs	www.npmjs.com/package/tar
oracle	www.oracle.com/security-alerts/cpuoct2021.html
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
github	www.github.com/isaacs/node-tar/commit/46fe35083e2676e31c4e0a81639dce6da7aaa356
github	www.github.com/isaacs/node-tar/commit/5987d9a41f6bfbf1ddab1098e1fdcf1a5618f571
github	www.github.com/isaacs/node-tar/commit/85d3a942b4064e4ff171f91696fced7975167349

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

03 Aug 2021 19:00Current

1.3Low risk

Vulners AI Score1.3

CVSS25.8

CVSS38.1 - 8.2

EPSS0.00208

arbitrary file creation directory cache poisoning node-tar symlink protection arbitrary code execution