7 matches found
CVE-2018-20834
A flaw was found in nodejs-tar in versions prior to 4.4.2. An arbitrary file overwrite can occur when extracting tarballs containing a hard-link to a file that already exists in the system. Further, a file that matches the hard-link may overwrite the system's files with the contents of the...
Important: Red Hat Security Advisory: rh-nodejs8-nodejs security update
An update for rh-nodejs8-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
0.8.18-p11 (=0.8.18-p12), 37fis (>=1.0.0 <=1.0.2) +4789 more potentially affected by CVE-2018-20834 via tar (>=0.1.12 <=2.2.1)
tar NPM version =0.1.12, =1.0.0, =1.0.0, =1.0.1, =0.6.3, =1.0.0, =1.0.0, =1.0.0, =0.1.2, =0.1.5 and more Source cves: CVE-2018-20834 Source advisory: OSV:GHSA-J44M-QM6P-HP7M...
0-dd-trace-init-first-production (>=1.0.0 <=1.0.1), 003-gas-convert (=1.0.1) +19168 more potentially affected by CVE-2018-20834 via tar (>=3.0.0 <=4.4.19)
tar NPM version =3.0.0, =1.0.0, =2.5.0, =1.0.0, =0.0.3, =1.1.0, =0.9.9, =1.0.0, =1.0.0, =1.0.4, =1.0.0, =1.0.2 and more Source cves: CVE-2018-20834 Source advisory: OSV:GHSA-J44M-QM6P-HP7M...
CVE-2018-20834
A vulnerability was found in node-tar before version 4.4.2 excluding version 2.2.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This...
CVE-2018-20834
CVE-2018-20834 affects the node-tar library. An Arbitrary File Overwrite exists when extracting a tarball that contains a hardlink to a file already present on the system, in conjunction with a later plain file with the same name as the hardlink, allowing the plain file content to overwrite the e...
CVE-2018-20834
A vulnerability was found in node-tar before version 4.4.2 excluding version 2.2.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This...