Node-tar Security Vulnerabilities


CVE-2024-28863

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

CVSS 6.5, AI Score 6.2, EPSS 0.0004

2024-03-21 11:15 PM

CVE-2021-37712

The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part,...

CVSS 8.6, AI Score 7.4, EPSS 0.001

2021-08-31 05:15 PM

CVE-2021-37713

The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is,....

CVSS 8.6, AI Score 7.1, EPSS 0.001

2021-08-31 05:15 PM

CVE-2021-37701

The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part,...

CVSS 8.6, AI Score 7.3, EPSS 0.001

2021-08-31 05:15 PM

CVE-2021-32804

The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has an arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when...

CVSS 8.2, AI Score 7.4, EPSS 0.007

2021-08-03 07:15 PM

CVE-2021-32803

The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is,...

CVSS 8.2, AI Score 7.3, EPSS 0.007

2021-08-03 07:15 PM

CVE-2018-20834

A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink....

CVSS 7.5, AI Score 7.2, EPSS 0.003

2019-04-30 07:29 PM