3 matches found
UBUNTU-CVE-2018-20990
An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive...
GHSA-J44M-QM6P-HP7M Arbitrary File Overwrite in tar
Versions of tar prior to 4.4.2 for 4.x and 2.2.2 for 2.x are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file...
DEBIAN-CVE-2018-20834
A vulnerability was found in node-tar before version 4.4.2 excluding version 2.2.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This...