Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-31022

Malicious code in bioql PyPI...

8.7CVSS6.2AI score0.00516EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/09/25 11:23 p.m.4 views

SUSE CVE-2025-59343

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves...

6.2CVSS7.6AI score0.00516EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/09/24 6:57 p.m.11 views

tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball

Impact v3.1.0, v2.1.3, v1.16.5 and below Patches Has been patched in 3.1.1, 2.1.4, and 1.16.6 Workarounds You can use the ignore option to ignore non files/directories. js ignore , header // pass files & directories, ignore e.g. symlinks return header.type !== 'file' && header.type !== 'directory...

8.7CVSS7AI score0.00516EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/09/24 6:15 p.m.5 views

CVE-2025-59343

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves...

8.7CVSS0.00516EPSS
Exploits0References3
OSV
OSV
added 2025/09/24 6:15 p.m.3 views

UBUNTU-CVE-2025-59343

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves...

8.7CVSS6.6AI score0.00516EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/09/24 5:43 p.m.1 views

CVE-2025-59343 tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves...

8.7CVSS6.5AI score0.00516EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/24 5:43 p.m.10 views

CVE-2025-59343 tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves...

8.7CVSS0.00516EPSS
Exploits0References2
OSV
OSV
added 2025/06/03 6:14 a.m.4 views

GHSA-8CJ5-5RVV-WF4V tar-fs can extract outside the specified dir with a specific tarball

Impact v3.0.8, v2.1.2, v1.16.4 and below Patches Has been patched in 3.0.9, 2.1.3, and 1.16.5 Workarounds You can use the ignore option to ignore non files/directories. js ignore , header // pass files & directories, ignore e.g. symlinks return header.type !== 'file' && header.type !== 'directory...

8.7CVSS6.6AI score0.00474EPSS
Exploits0References6
OSV
OSV
added 2025/06/02 8:15 p.m.1 views

UBUNTU-CVE-2025-48387

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore n...

8.7CVSS5.8AI score0.00474EPSS
Exploits0References5
Rows per page
Query Builder