Lucene search
K

35 matches found

Github Security Blog
Github Security Blog
added 2021/08/31 4:5 p.m.51 views

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in...

8.6CVSS7.1AI score0.0185EPSS
Exploits0References14Affected Software1
OSV
OSV
added 2021/08/31 4:5 p.m.3 views

GHSA-QQ89-HQ3F-393P Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in...

8.2CVSS6.7AI score0.0185EPSS
Exploits0References14
Cvelist
Cvelist
added 2021/08/31 12:0 a.m.19 views

CVE-2021-37701 Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links

The npm package "tar" aka node-tar before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieve...

8.2CVSS9AI score0.03286EPSS
Exploits0References6
Cvelist
Cvelist
added 2021/08/31 12:0 a.m.29 views

CVE-2021-37712 Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links

The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achiev...

8.2CVSS9.1AI score0.0185EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/08/26 10:18 a.m.4 views

nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite

The npm package "tar" aka node-tar has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted...

8.2CVSS7.4AI score0.07795EPSS
Exploits0References5
OSV
OSV
added 2021/08/03 7:15 p.m.1 views

DEBIAN-CVE-2021-32803

The npm package "tar" aka node-tar before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in...

8.1CVSS7.1AI score0.07795EPSS
Exploits0References1
NVD
NVD
added 2021/08/03 7:15 p.m.29 views

CVE-2021-32803

The npm package "tar" aka node-tar before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in...

8.2CVSS0.07795EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2021/08/03 7:15 p.m.49 views

CVE-2021-32803

The npm package "tar" aka node-tar before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in...

8.2CVSS6.9AI score0.07795EPSS
Exploits0References6
Prion
Prion
added 2021/08/03 7:15 p.m.28 views

Design/Logic Flaw

The npm package "tar" aka node-tar before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in...

5.8CVSS8.7AI score0.07795EPSS
Exploits0References6Affected Software3
OSV
OSV
added 2021/08/03 7:15 p.m.2 views

UBUNTU-CVE-2021-32803

The npm package "tar" aka node-tar before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in...

8.2CVSS6.8AI score0.07795EPSS
Exploits0References7
Cvelist
Cvelist
added 2021/08/03 7:5 p.m.34 views

CVE-2021-32803 Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning

The npm package "tar" aka node-tar before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in...

8.2CVSS9.1AI score0.07795EPSS
Exploits0References6
OSV
OSV
added 2021/08/03 7:0 p.m.4 views

GHSA-R628-MHMH-QJHW Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in...

8.2CVSS6.9AI score0.07795EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2021/08/03 7:0 p.m.84 views

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in...

8.2CVSS1.3AI score0.07795EPSS
Exploits0References12Affected Software1
Node.js
Node.js
added 2021/08/03 6:14 p.m.111 views

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning

Overview The tar package has a high severity vulnerability before versions 3.2.3, 4.4.15, 5.0.7, and 6.1.2. Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths...

5.8CVSS1.7AI score0.07795EPSS
Exploits0Affected Software1
Microsoft KB
Microsoft KB
added 2017/01/07 12:0 a.m.10 views

Cumulative Update for Windows 10 Version 1607 and Windows Server 2016: December 9, 2016

Cumulative Update for Windows 10 Version 1607 and Windows Server 2016: December 9, 2016 Summary This update includes quality improvements for Windows 10 Version 1607 and Windows Server 2016. No new operating system features are being introduced in this update. Key changes include: Improved the...

6.7AI score
Exploits0
Rows per page
Query Builder