
348 matches found

Tenable Nessus
added 2024/07/11 12:0 a.m., 44 views

CBL Mariner 2.0 Security Update: nodejs / nodejs18 / reaper (CVE-2024-28863)

The version of nodejs / nodejs18 / reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28863 advisory. - node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the numbe...

6.5 CVSS, 6.5 AI score, 0.00929 EPSS
Exploits 1, References 2

Microsoft CVE
added 2024/06/30 2:0 p.m., 2 views

node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation

...

6.5 CVSS, 6.4 AI score, 0.00929 EPSS
Exploits 1

RedhatCVE
added 2024/06/20 9:51 a.m., 35 views

CVE-2024-28863

A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially...

6.5 CVSS, 6.7 AI score, 0.00929 EPSS
Exploits 1, References 5

IBM Security Bulletins
added 2024/05/31 10:42 a.m., 62 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for May 2024.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF005. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a specially...

7 CVSS, 7.2 AI score, 0.0138 EPSS
Exploits 2, Affected Software 1

IBM Security Bulletins
added 2024/05/22 10:31 a.m., 34 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to node-tar (CVE-2024-28863)

Summary IBM App Connect Enterprise is vulnerable to a denial of service due to node-tar. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-28863 DESCRIPTION: isaacs node-tar is vulnerable to a denial of service, caused by the lack of...

6.5 CVSS, 6.5 AI score, 0.00929 EPSS
Exploits 1, Affected Software 1

F5 Networks
added 2024/05/16 4:21 a.m., 55 views

K000139643: Node-tar vulnerability CVE-2024-28863

Security Advisory Description node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash t...

6.5 CVSS, 6.1 AI score, 0.00929 EPSS
Exploits 1

Tenable Nessus
added 2024/03/29 12:0 a.m., 741 views

Node.js Module node-tar < 6.2.1 DoS

In the nodejs module node-tar prior to version 6.2.1, there is no validation of the number of folders created while unpacking a file. As a result, an attacker can use a malicious file to exhaust the CPU and memory on the host and crash the nodejs client. Note that Nessus has not tested for these...

6.5 CVSS, 6.6 AI score, 0.00929 EPSS
Exploits 1, References 2

Veracode
added 2024/03/26 4:59 p.m., 57 views

Denial Of Service (DoS)

node-tar is vulnerable to Denial of Service (DoS). The vulnerability is caused by a lack of validation on the number of folders created during the folder creation process. This allows an attacker to consume excessive CPU and memory resources, potentially causing the system to become unresponsive o...

6.5 CVSS, 7 AI score, 0.00929 EPSS
Exploits 1, References 3, Affected Software 1

Veracode
added 2024/03/25 1:36 p.m., 47 views

Denial Of Service (DoS)

node-tar is vulnerable to Denial of Service (DoS). The vulnerability is caused by a lack of validation on the number of folders created during the folder creation process. This allows an attacker to consume excessive CPU and memory resources, potentially causing the system to become unresponsive ...

6.5 CVSS, 6.7 AI score, 0.00929 EPSS
Exploits 1, References 4, Affected Software 1

vulnersOsv
added 2024/03/22 4:57 p.m., 2 views

@atlarafirm/quillkit (>=1.2.0 <=1.3.8), @grafana/faro-bundlers-shared (>=0.0.0 <=0.1.1) +8 more potentially affected by CVE-2024-28863 via node-tar (=1.0.0)

node-tar NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on node-tar and may be impacted: - @atlarafirm/quillkit =1.2.0, =0.0.0, =0.0.0, =0.0.0, =0.1.0, =0.0.2, =0.0.17, =0.0.24 Source cves: CVE-2024-28863 Source advisory:...

6.5 CVSS, 6.5 AI score, 0.00929 EPSS
Exploits 1

Github Security Blog
added 2024/03/22 4:57 p.m., 53 views

Denial of service while parsing a tar file due to lack of folders count validation

Description: During some analysis today on npm's node-tar package I came across the folder creation process. Basically, if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here a, b and c until it reaches the last folder to create foo.txt, In-thi...

6.5 CVSS, 7 AI score, 0.00929 EPSS
Exploits 1, References 5, Affected Software 2

OSV
added 2024/03/22 4:57 p.m., 0 views

GHSA-F5X3-32G6-XQ36 Denial of service while parsing a tar file due to lack of folders count validation

Description: During some analysis today on npm's node-tar package I came across the folder creation process. Basically, if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here a, b and c until it reaches the last folder to create foo.txt, In-thi...

6.5 CVSS, 6.7 AI score, 0.00929 EPSS
Exploits 1, References 5

OSV
added 2024/03/21 11:15 p.m., 6 views

AZL-37115 CVE-2024-28863 affecting package nodejs for versions less than 20.14.0-1

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

6.5 CVSS, 6.5 AI score, 0.00929 EPSS
Exploits 1, References 1

OSV
added 2024/03/21 11:15 p.m., 5 views

AZL-37136 CVE-2024-28863 affecting package reaper for versions less than 3.1.1-17

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

6.5 CVSS, 6.5 AI score, 0.00929 EPSS
Exploits 1, References 1

OSV
added 2024/03/21 11:15 p.m., 2 views

DEBIAN-CVE-2024-28863

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

6.5 CVSS, 6.1 AI score, 0.00929 EPSS
Exploits 1, References 1

NVD
added 2024/03/21 11:15 p.m., 27 views

CVE-2024-28863

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

6.5 CVSS, 6.6 AI score, 0.00929 EPSS
Exploits 1, References 3

UbuntuCve
added 2024/03/21 11:15 p.m., 48 views

CVE-2024-28863

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

6.5 CVSS, 6.6 AI score, 0.00929 EPSS
Exploits 1, References 4

OSV
added 2024/03/21 11:15 p.m., 2 views

UBUNTU-CVE-2024-28863

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

6.5 CVSS, 6.7 AI score, 0.00929 EPSS
Exploits 1, References 4

Cvelist
added 2024/03/21 10:10 p.m., 104 views

CVE-2024-28863 node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

6.5 CVSS, 6.5 AI score, 0.00929 EPSS
Exploits 1, References 3

CVE
added 2024/03/21 10:10 p.m., 647 views

CVE-2024-28863

CVE-2024-28863 affects the npm package graph for Node.js via the node-tar library. The issue: node-tar prior to version 6.2.1 imposes no limit on the number of sub-folders created during folder extraction, enabling an attacker to produce a path with many sub-folders that can consume memory and cr...

6.5 CVSS, 6.7 AI score, 0.00929 EPSS
Exploits 1, References 3, Affected Software 1