3 matches found
@capriza/far (>=0.1.2 <=2.4.2), @cobalt-engine/cobower (=2.0.0) +365 more potentially affected by CVE-2018-20835 via tar-fs (>=0.1.8 <=1.16.0)
tar-fs NPM version =0.1.8, =0.1.2, =6.0.3, =6.0.3, =6.0.3, =2.1.1, =0.10.2, =0.0.0-beta.1, =0.0.0-beta.1, =0.0.0-beta.1, =0.1.0, =0.1.0, =1.1.3, =1.1.15 - @monsieurbarti/micro-connector =3.1.7 and more Source cves: CVE-2018-20835 Source advisory: OSV:GHSA-X2MC-8FGJ-3WMR...
CVE-2018-20835
A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the...
CVE-2018-20835
CVE-2018-20835 affects tar-fs (node tar extraction library) before version 1.16.2. The vulnerability is an Arbitrary File Overwrite that occurs when extracting a tarball containing a hardlink to a file that already exists on the system, combined with a later plain file named the same as the hardl...