Lucene search
K

20 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 2:24 p.m.5 views

Security Bulletin: Astronomer with IBM is vulnerable to unrestricted filesystem writes due to the tar-fs package (CVE-2025-48387)

Summary Tar-fs is used by Astronomer with IBM as part of tar file processing. Vulnerability Details CVEID:CVE-2025-48387 DESCRIPTION: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir...

8.7CVSS5.7AI score0.00474EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/08 1:25 p.m.10 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tar-fs-1.16.4.tgz CVE-2025-48387

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to tar-fs-1.16.4.tgz CVE-2025-48387. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-48387 DESCRIPTION: tar-fs provides filesystem bindings for tar-stream. Versio...

8.7CVSS6.8AI score0.00474EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/11 12:47 a.m.10 views

Security Bulletin: Security vulnerabilities were found in IBM Verify Identity Access Digital Credentials (CVE-2025-48387, CVE-2025-5889)

Summary Security vulnerabilities were addressed in IBM Verify Identity Access Digital Credentials Vulnerability Details CVEID:CVE-2025-48387 DESCRIPTION: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside...

8.7CVSS4.2AI score0.00474EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/07/11 12:0 a.m.1 views

CBL Mariner 2.0 Security Update: reaper (CVE-2025-48387)

The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-48387 advisory. - tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue...

8.7CVSS6.4AI score0.00474EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2025/07/10 3:7 p.m.4 views

CVE-2025-48387 affecting package reaper for versions less than 3.1.1-19

CVE-2025-48387 affecting package reaper for versions less than 3.1.1-19. A patched version of the package is available...

8.7CVSS7.3AI score0.00474EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 9:56 a.m.5 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.8.1. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU...

8.7CVSS8AI score0.01966EPSS
Exploits2Affected Software1
OpenVAS
OpenVAS
added 2025/06/13 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2025-ad2565414f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.7CVSS7.3AI score0.00474EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2025/06/13 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2025-732290e75c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.7CVSS7.3AI score0.00474EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/06/13 12:0 a.m.1 views

Fedora 41 : yarnpkg (2025-ad2565414f)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-ad2565414f advisory. Fix CVE-2025-48387. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...

8.7CVSS6.5AI score0.00474EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/12 12:0 a.m.1 views

Fedora 42 : yarnpkg (2025-732290e75c)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-732290e75c advisory. Fix CVE-2025-48387. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...

8.7CVSS6.5AI score0.00474EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/06/12 12:0 a.m.5 views

Debian: Security Advisory (DLA-4214-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.7CVSS7.5AI score0.02186EPSS
Exploits2References2
Debian
Debian
added 2025/06/11 8:57 p.m.6 views

[SECURITY] [DLA 4214-1] node-tar-fs security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4214-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk June 11, 2025 https://wiki.debian.org/LTS -...

8.7CVSS7.1AI score0.02186EPSS
Exploits2
Wolfi
Wolfi
added 2025/06/06 1:49 p.m.16 views

CVE-2025-48387 vulnerabilities

Vulnerabilities for packages: tileserver-gl, sqlpad, code-server, jitsucom-jitsu...

8.7CVSS6.3AI score0.00474EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/06/03 6:14 a.m.7 views

@capriza/far (>=0.1.2 <=2.4.2), @cobalt-engine/cobower (=2.0.0) +388 more potentially affected by CVE-2025-48387 via tar-fs (>=0.1.8 <=1.16.3)

tar-fs NPM version =0.1.8, =0.1.2, =6.0.3, =6.0.3, =6.0.3, =2.1.1, =0.10.2, =0.0.0-beta.1, =0.0.0-beta.1, =0.0.0-beta.1, =0.1.0, =0.1.0, =1.0.5, =1.1.2 - @elm-node/npm-scripts =1.0.0 - @hlsrules-test/fc-libreoffice =1.0.0 and more Source cves: CVE-2025-48387 Source advisory: OSV:GHSA-8CJ5-5RVV-WF...

8.7CVSS6AI score0.00474EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/06/03 6:14 a.m.6 views

007putra-my-bot (=1.1.1), 10bis-shufersal-automation (=1.0.0) +4988 more potentially affected by CVE-2025-48387 via tar-fs (>=2.0.0 <=2.1.2)

tar-fs NPM version =2.0.0, =0.2.0, =1.0.0, =1.0.0, =0.107.10, =1.19.19, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.123.2 and more Source cves: CVE-2025-48387 Source advisory: OSV:GHSA-8CJ5-5RVV-WF4V...

8.7CVSS6AI score0.00474EPSS
Exploits0
NVD
NVD
added 2025/06/02 8:15 p.m.13 views

CVE-2025-48387

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore n...

8.7CVSS0.00474EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2025/06/02 7:43 p.m.8 views

org.webjars.npm:image-thumbnail (=1.0.15), org.webjars.npm:pkg-fetch (=3.4.2) +3 more potentially affected by CVE-2025-48387 via org.webjars.npm:tar-fs (=2.1.1)

org.webjars.npm:tar-fs MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:tar-fs and may be impacted: - org.webjars.npm:image-thumbnail =1.0.15 - org.webjars.npm:pkg-fetch =3.4.2 - org.webjars.npm:prebuild-install =7.1...

8.7CVSS6.1AI score0.00474EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/06/02 7:20 p.m.6 views

CVE-2025-48387 tar-fs has issue where extract can write outside the specified dir with a specific tarball

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore n...

8.7CVSS7.2AI score0.00474EPSS
Exploits0References3
CVE
CVE
added 2025/06/02 7:20 p.m.305 views

CVE-2025-48387

Summary of CVE-2025-48387 (tar-fs) : A path-traversal risk in tar-fs bindings for tar-stream affects releases prior to 3.0.9, 2.1.3, and 1.16.5, where extracting certain tarballs can write outside the intended directory. The issue has been fixed in 3.0.9, 2.1.3, and 1.16.5. As a workaround, you c...

8.7CVSS6.5AI score0.00474EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/06/02 12:0 a.m.4 views

CVE-2025-48387

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore n...

8.7CVSS6.5AI score0.00474EPSS
Exploits0References3
Rows per page
Query Builder