14 matches found
OPENSUSE-SU-2026:20998-1 Security update for tree-sitter-ruby
This update for tree-sitter-ruby fixes the following issues - CVE-2025-5889: brace-expansion: inefficient regular expression complexity in function expand of file index.js bsc1244345. - CVE-2025-59343: tar-fs: tar-fs symlink validation bypass bsc1250517. Changes for tree-sitter-ruby: - Use correc...
Security Bulletin: Vulnerabilities in tar-fs-2.1.1.tgz affecting MongoDB Enterprised Advanced (CVE-2025-59343)
Summary There is a vulnerability in tar-fs-2.1.1.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-59343. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-59343 DESCRIPTION: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1,...
Atlassian Confluence 7.19.x < 8.5.10 / 8.6.x < 9.2.5 / 9.3.x < 9.3.1 / 9.4.x < 9.5.1 / 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-101930)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101930 advisory. - tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tar-fs-2.1.3.tgz which is vulnerable to CVE-2025-59343.
Summary IBM Maximo Application Suite - Monitor Component uses tar-fs-2.1.3.tgz which is vulnerable to CVE-2025-59343. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-59343 DESCRIPTION: tar-fs provides filesystem bindings for...
Fedora 43 : yarnpkg (2025-ee9e7fb981)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-ee9e7fb981 advisory. Fix CVE-2025-59343. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...
Fedora: Security Advisory (FEDORA-2025-4dd58248ff)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 41 : yarnpkg (2025-4dd58248ff)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-4dd58248ff advisory. Fix CVE-2025-59343. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...
tree-sitter-ruby-0.23.1-2.1 on GA media (moderate)
tree-sitter-ruby-0.23.1-2.1 on GA media Announcement ID: openSUSE-SU-2025:15582-1 Rating: moderate Cross-References: CVE-2025-5889 CVE-2025-59343 CVSS scores: CVE-2025-5889 SUSE : 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2025-5889 SUSE : 2...
SUSE CVE-2025-59343
tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves...
CVE-2025-59343 vulnerabilities
Vulnerabilities for packages: tileserver-gl-fips, code-server, redisinsight, gitlab-rails-ce, gitlab-rails-ce-fips, grafana-image-renderer, tileserver-gl, sqlpad, kibana, langfuse...
007putra-my-bot (=1.1.1), 10bis-shufersal-automation (=1.0.0) +4988 more potentially affected by CVE-2025-59343 via tar-fs (>=2.0.0 <=2.1.3)
tar-fs NPM version =2.0.0, =0.2.0, =1.0.0, =1.0.0, =0.107.10, =1.19.19, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.123.2 and more Source cves: CVE-2025-59343 Source advisory: OSV:GHSA-VJ76-C3G6-QR5V...
0wcc9yywcywy (=1.0.0), 0wu8yw8by8cw (=1.0.0) +2809 more potentially affected by CVE-2025-59343 via tar-fs (>=3.0.2 <=3.1.0)
tar-fs NPM version =3.0.2, =0.0.1, =2.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-59343 Source advisory: SNYK:JS-TARFS-13045213...
007putra-my-bot (=1.1.1), 10bis-shufersal-automation (=1.0.0) +4988 more potentially affected by CVE-2025-59343 via tar-fs (>=2.0.0 <=2.1.3)
tar-fs NPM version =2.0.0, =0.2.0, =1.0.0, =1.0.0, =0.107.10, =1.19.19, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.123.2 and more Source cves: CVE-2025-59343 Source advisory: SNYK:JS-TARFS-13045213...
@capriza/far (>=0.1.2 <=2.4.2), @cobalt-engine/cobower (=2.0.0) +388 more potentially affected by CVE-2025-59343 via tar-fs (>=0.1.8 <=1.16.3)
tar-fs NPM version =0.1.8, =0.1.2, =6.0.3, =6.0.3, =6.0.3, =2.1.1, =0.10.2, =0.0.0-beta.1, =0.0.0-beta.1, =0.0.0-beta.1, =0.1.0, =0.1.0, =1.0.5, =1.1.2 - @elm-node/npm-scripts =1.0.0 - @hlsrules-test/fc-libreoffice =1.0.0 and more Source cves: CVE-2025-59343 Source advisory: OSV:GHSA-VJ76-C3G6-QR...