Lucene search
K

16 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 8 : nodejs:14 (AXSA:2022-3040:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3040:01 advisory. nodejs-json-schema: Prototype pollution vulnerability CVE-2021-3918 nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788...

9.8CVSS7.3AI score0.04456EPSS
Exploits6References10
RedHat Linux
RedHat Linux
added 2022/06/28 7:58 a.m.2 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an...

8.6CVSS7.4AI score0.0185EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/06/21 12:40 p.m.4 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an...

8.6CVSS7.4AI score0.0185EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/06/21 12:40 p.m.2 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...

8.6CVSS7.4AI score0.03286EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/06/06 9:29 a.m.4 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...

8.6CVSS7.4AI score0.03286EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/02/01 9:18 p.m.59 views

Moderate: Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.8AI score0.04456EPSS
Exploits6References10
RedHat Linux
RedHat Linux
added 2022/01/06 6:43 p.m.2 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an...

8.6CVSS7.4AI score0.0185EPSS
Exploits0References6
Node.js
Node.js
added 2021/08/31 4:10 p.m.791 views

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links

Overview Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks...

4.4CVSS2.2AI score0.0185EPSS
Exploits0Affected Software1
Node.js
Node.js
added 2021/08/31 4:10 p.m.69 views

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links

Overview Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks...

4.4CVSS0.9AI score0.03286EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/31 4:5 p.m.40 views

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in...

8.6CVSS7.3AI score0.03286EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2021/08/31 12:0 a.m.28 views

CVE-2021-37712 Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links

The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achiev...

8.2CVSS9.1AI score0.0185EPSS
Exploits0References6
Cvelist
Cvelist
added 2021/08/31 12:0 a.m.18 views

CVE-2021-37701 Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links

The npm package "tar" aka node-tar before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieve...

8.2CVSS9AI score0.03286EPSS
Exploits0References6
Cvelist
Cvelist
added 2021/08/03 7:5 p.m.31 views

CVE-2021-32803 Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning

The npm package "tar" aka node-tar before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in...

8.2CVSS9.1AI score0.07795EPSS
Exploits0References6
OSV
OSV
added 2021/08/03 7:0 p.m.4 views

GHSA-R628-MHMH-QJHW Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in...

8.2CVSS6.9AI score0.07795EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2021/08/03 7:0 p.m.84 views

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in...

8.2CVSS1.3AI score0.07795EPSS
Exploits0References12Affected Software1
Node.js
Node.js
added 2021/08/03 6:14 p.m.111 views

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning

Overview The tar package has a high severity vulnerability before versions 3.2.3, 4.4.15, 5.0.7, and 6.1.2. Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths...

5.8CVSS1.7AI score0.07795EPSS
Exploits0Affected Software1
Rows per page
Query Builder