Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2020/04/02 1:59 p.m.31 views

CVE-2018-20834

A flaw was found in nodejs-tar in versions prior to 4.4.2. An arbitrary file overwrite can occur when extracting tarballs containing a hard-link to a file that already exists in the system. Further, a file that matches the hard-link may overwrite the system's files with the contents of the...

8.8CVSS3.3AI score0.03145EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2019/07/22 1:39 p.m.121 views

Important: Red Hat Security Advisory: rh-nodejs8-nodejs security update

An update for rh-nodejs8-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS6.7AI score0.41288EPSS
Exploits1References7
vulnersOsv
vulnersOsv
added 2019/05/01 6:37 p.m.5 views

0.8.18-p11 (=0.8.18-p12), 37fis (>=1.0.0 <=1.0.2) +4789 more potentially affected by CVE-2018-20834 via tar (>=0.1.12 <=2.2.1)

tar NPM version =0.1.12, =1.0.0, =1.0.0, =1.0.1, =0.6.3, =1.0.0, =1.0.0, =1.0.0, =0.1.2, =0.1.5 and more Source cves: CVE-2018-20834 Source advisory: OSV:GHSA-J44M-QM6P-HP7M...

7.5CVSS7.1AI score0.03145EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2019/05/01 6:37 p.m.5 views

0-dd-trace-init-first-production (>=1.0.0 <=1.0.1), 003-gas-convert (=1.0.1) +19168 more potentially affected by CVE-2018-20834 via tar (>=3.0.0 <=4.4.19)

tar NPM version =3.0.0, =1.0.0, =2.5.0, =1.0.0, =0.0.3, =1.1.0, =0.9.9, =1.0.0, =1.0.0, =1.0.4, =1.0.0, =1.0.2 and more Source cves: CVE-2018-20834 Source advisory: OSV:GHSA-J44M-QM6P-HP7M...

7.5CVSS7.1AI score0.03145EPSS
Exploits1
NVD
NVD
added 2019/04/30 7:29 p.m.26 views

CVE-2018-20834

A vulnerability was found in node-tar before version 4.4.2 excluding version 2.2.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This...

7.5CVSS7.8AI score0.03145EPSS
Exploits1References7
CVE
CVE
added 2019/04/30 6:1 p.m.111 views

CVE-2018-20834

CVE-2018-20834 affects the node-tar library. An Arbitrary File Overwrite exists when extracting a tarball that contains a hardlink to a file already present on the system, in conjunction with a later plain file with the same name as the hardlink, allowing the plain file content to overwrite the e...

7.5CVSS7.2AI score0.03145EPSS
Exploits1References7Affected Software1
Debian CVE
Debian CVE
added 2019/04/30 6:1 p.m.26 views

CVE-2018-20834

A vulnerability was found in node-tar before version 4.4.2 excluding version 2.2.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This...

7.5CVSS7.4AI score0.03145EPSS
Exploits1
Rows per page
Query Builder