5 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-38511
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via...
async_docker (>=0.1.0 <=0.1.1), cargo (>=0.4.0 <=0.8.0) +11 more potentially affected by CVE-2021-38511 via tar (>=0.2.14 <=0.3.4)
tar CARGO version =0.2.14, =0.1.0, =0.4.0, =0.3.1, =0.1.0, =0.3.0, =0.2.0, =0.2.0, =0.2.1, =0.0.1, =0.0.9 - wormhole =0.1.0 Source cves: CVE-2021-38511 Source advisory: OSV:GHSA-62JX-8VMH-4MCW...
CVE-2021-38511
An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal...
CVE-2021-38511
An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal...
CVE-2021-38511
CVE-2021-38511 affects the Rust tar crate prior to 0.4.36. When a TAR archive contains symlinks, extraction can perform a directory traversal with “..”, potentially creating arbitrary directories. Practical impact is described as partial integrity/authoritative access loss during extraction; expl...