13 matches found
Atlassian Confluence 7.19.x < 8.5.10 / 8.6.x < 9.2.5 / 9.3.x < 9.3.1 / 9.4.x < 9.5.1 / 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-101930)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101930 advisory. - tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the...
Symlink Following
Overview org.webjars.npm:tar-fs is a filesystem bindings for tar-stream. Affected versions of this package are vulnerable to Symlink Following via the symlink validation process in the inCwd function. An attacker can write files outside the intended extraction directory by crafting a malicious...
Symlink Following
Overview tar-fs is a filesystem bindings for tar-stream. Affected versions of this package are vulnerable to Symlink Following via the symlink validation process in the inCwd function. An attacker can write files outside the intended extraction directory by crafting a malicious tarball that...
DEBIAN-CVE-2025-59343
tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves...
CVE-2025-59343 tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball
tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves...
CVE-2025-59343
CVE-2025-59343 affects tar-fs, which provides filesystem bindings for tar-stream. Reported in the initial document, versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to a symlink validation bypass when the destination directory is predictable with a specific tarball. The issue is patched ...
CVE-2025-48387
A flaw was found in tar-fs. This vulnerability allows files to be written outside the intended extraction directory via specially crafted tar archives. The issue arises from insufficient path validation during tarball extraction, potentially enabling path traversal attacks that can overwrite...
DEBIAN-CVE-2025-48387
tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore n...
CVE-2025-48387
tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore n...
Improper Link Resolution Before File Access ('Link Following')
Overview org.webjars.npm:tar-fs is a filesystem bindings for tar-stream. Affected versions of this package are vulnerable to Improper Link Resolution Before File Access 'Link Following' through the exports.extract function. An attacker can manipulate the path of extracted files to write outside t...
CVE-2025-48387
Summary of CVE-2025-48387 (tar-fs) : A path-traversal risk in tar-fs bindings for tar-stream affects releases prior to 3.0.9, 2.1.3, and 1.16.5, where extracting certain tarballs can write outside the intended directory. The issue has been fixed in 3.0.9, 2.1.3, and 1.16.5. As a workaround, you c...
PT-2025-39311
Name of the Vulnerable Software and Affected Versions tar-fs versions prior to 3.1.1 tar-fs versions prior to 2.1.3 tar-fs version 1.16.5 Description tar-fs provides filesystem bindings for tar-stream. Affected versions are susceptible to a symlink validation bypass if the destination directory i...
CVE-2011-1652
The default configuration of Microsoft Windows 7 immediately prefers a new IPv6 and DHCPv6 service over a currently used IPv4 and DHCPv4 service upon receipt of an IPv6 Router Advertisement RA, and does not provide an option to ignore an unexpected RA, which allows remote attackers to conduct...