5 matches found
CLSA-2025-1756305640 nodejs: Fix of CVE-2024-28863
CVE-2024-28863: prevent extraction in excessively deep sub-folders to address unlimited sub-folders vulnerability...
Medium: nodejs
Issue Overview: node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js...
AZL-37136 CVE-2024-28863 affecting package reaper for versions less than 3.1.1-17
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...
AZL-37115 CVE-2024-28863 affecting package nodejs for versions less than 20.14.0-1
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...
DEBIAN-CVE-2024-28863
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...