3 matches found
SUSE SLES12 Security Update : nodejs14 (SUSE-SU-2021:3886-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3886-1 advisory. nodejs14 was updated to 14.18.1: deps: update llhttp to 2.1.4 Security fixes: - HTTP Request Smuggling due to spaced in headers bsc1191601,...
Design/Logic Flaw
The npm package "tar" aka node-tar before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieve...
CVE-2021-37701
The npm package "tar" aka node-tar before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieve...