Lucene search

K
redhatcveRedhat.comRH:CVE-2021-37713
HistoryDec 16, 2021 - 4:50 p.m.

CVE-2021-37713

2021-12-1616:50:36
redhat.com
access.redhat.com
16

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

8.6 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

30.5%

A flaw was found in the npm package “tar” (aka node-tar). On Windows systems, when extracting tar files that contained a path that was not an absolute path, but specified a drive letter different from the extraction target, the result of path.resolve(extractionDirectory, entryPath) would resolve against the current working directory rather than the extraction target directory.

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

8.6 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

30.5%