4 matches found
Ubuntu 16.04 ESM : node-tar vulnerability (USN-4777-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-4777-1 advisory. It was discovered that node-tar mishandled certain tar archives. An attacker could use this vulnerability to write arbitrary files to the filesystem. Tenable has...
6to5 (=3.0.0), @blank-string/static.blankstring.surge.sh (>=1.0.0 <=1.0.1) +4296 more potentially affected by CVE-2015-8860 via tar (>=0.1.12 <=1.0.3)
tar NPM version =0.1.12, =1.0.0, =0.6.3, =1.0.0, =1.0.0, =0.1.2, =1.2.6, =1.0.1, =1.0.0, =0.7.1, =0.97.5, =0.97.7 and more Source cves: CVE-2015-8860 Source advisory: OSV:GHSA-GFJR-3JMM-4G9V...
CVE-2015-8860
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive...
CVE-2015-8860
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive...