Lucene search

350 matches found

Tenable Nessus
added 2022/12/12 12:0 a.m. | 44 views

Debian dla-3237 : node-tar - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3237 advisory. Debian LTS Advisory DLA-3237-1 [email protected]...

8.6 CVSS | 7.3 AI score | 0.03286 EPSS
Exploits: 0 | References: 6

OSV
added 2022/12/12 12:0 a.m. | 35 views

DLA-3237-1 node-tar - security update

Bulletin has no description...

8.6 CVSS | 6.9 AI score | 0.03286 EPSS
Exploits: 0

RedHat Linux
added 2022/06/28 7:58 a.m. | 1 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an...

8.6 CVSS | 7.4 AI score | 0.0185 EPSS
Exploits: 0 | References: 6

RedHat Linux
added 2022/06/21 12:40 p.m. | 2 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an...

8.6 CVSS | 7.4 AI score | 0.0185 EPSS
Exploits: 0 | References: 6

RedHat Linux
added 2022/06/21 12:40 p.m. | 1 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...

8.6 CVSS | 7.4 AI score | 0.03286 EPSS
Exploits: 0 | References: 6

RedHat Linux
added 2022/06/06 9:29 a.m. | 2 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...

8.6 CVSS | 7.4 AI score | 0.03286 EPSS
Exploits: 0 | References: 6

RedHat Linux
added 2022/06/06 9:29 a.m. | 1 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an...

8.6 CVSS | 7.4 AI score | 0.0185 EPSS
Exploits: 0 | References: 6

BDU FSTEC
added 2022/05/20 12:0 a.m. | 6 views

The vulnerability of the Node-tar module in the Node.js library allows a hacker to write any files or execute any code.

The vulnerability of the Node-tar module in the Node.js library is related to insufficient checking of the path name to the restricted access directory. Exploiting this vulnerability could allow an attacker to write arbitrary files or execute arbitrary code...

7.4 CVSS | 7.5 AI score | 0.01263 EPSS
Exploits: 0 | References: 8 | Affected Software: 4

BDU FSTEC
added 2022/05/12 12:0 a.m. | 5 views

The vulnerability of the Node.js module for processing tar archives, Node-tar, is related to vulnerabilities in the pathname limitation of the directory. This allows attackers to load arbitrary files and execute arbitrary code.

The vulnerability of the Node.js module for processing tar archives with the Node-tar module is related to deficiencies in pathname restrictions for directories. Exploiting this vulnerability could allow an attacker to load arbitrary files and execute arbitrary code...

8.6 CVSS | 7.1 AI score | 0.03286 EPSS
Exploits: 0 | References: 7 | Affected Software: 6

Tenable Nessus
added 2022/03/12 12:0 a.m. | 53 views

AlmaLinux 8 : nodejs:14 (ALSA-2022:0350)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0350 advisory. nodejs-json-schema: Prototype pollution vulnerability CVE-2021-3918 nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788 nodejs-glob-paren...

9.8 CVSS | 7.3 AI score | 0.04456 EPSS
Exploits: 6 | References: 10

Tenable Nessus
added 2022/03/05 12:0 a.m. | 45 views

SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2022:0704-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0704-1 advisory. - All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, a...

9.8 CVSS | 7.4 AI score | 0.15014 EPSS
Exploits: 4 | References: 16

OSV
added 2022/02/11 2:43 p.m. | 10 views

USN-5283-1 node-tar vulnerability

It was discovered that Tar for Node.js did not properly sanitize path inputs. An attacker could possibly use this issue to read arbitrary files, resulting in a directory traversal attack...

8.2 CVSS | 6.9 AI score | 0.07795 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2022/02/02 12:0 a.m. | 244 views

Oracle Linux 8 : nodejs:14 (ELSA-2022-0350)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0350 advisory. nodejs 1:14.18.2-2 - Add missing fixes - Resolves: RHBZ2027642, RHBZ2027635 1:14.18.2-1 - Resolves: RHBZ2027609 - Resolves: RHBZ2027649, RHBZ2027646,...

9.8 CVSS | 7.2 AI score | 0.04456 EPSS
Exploits: 6 | References: 10

RedHat Linux
added 2022/02/01 9:18 p.m. | 1 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an...

8.6 CVSS | 7.4 AI score | 0.0185 EPSS
Exploits: 0 | References: 6

Tenable Nessus
added 2022/01/19 12:0 a.m. | 52 views

SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2022:0101-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0101-1 advisory. - CVE-2021-44531: Fixed improper handling of URI Subject Alternative Names bsc1194511. - CVE-2021-44532: Fixed certificate...

8.6 CVSS | 7.2 AI score | 0.21514 EPSS
Exploits: 4 | References: 34

BDU FSTEC
added 2022/01/17 12:0 a.m. | 4 views

The vulnerability of the Node.js module for processing tar archives, Node-tar, is related to shortcomings in pathname restrictions for directories. This allows attackers to compromise data integrity and cause service failures.

The vulnerability of the Node.js module for processing tar archives with the Node-tar module is related to the possibility of bypassing the symbolic link checks for directories. Exploiting this vulnerability can allow an attacker to compromise data integrity and cause service failures...

8.1 CVSS | 6.7 AI score | 0.07795 EPSS
Exploits: 0 | References: 7 | Affected Software: 4

BDU FSTEC
added 2022/01/17 12:0 a.m. | 4 views

The vulnerability of the Node.js module for processing tar archives using Node-tar lies in the shortcomings of the pathname limitation, which allows attackers to compromise the integrity of the data and cause service failures.

The vulnerability of the Node.js module for processing tar archives using Node-tar is related to incorrect filtering of the '/' character sequence. Exploiting this vulnerability can allow an attacker to compromise data integrity and cause service failures...

8.1 CVSS | 6.7 AI score | 0.15014 EPSS
Exploits: 1 | References: 8 | Affected Software: 4

Tenable Nessus
added 2021/12/17 12:0 a.m. | 35 views

openSUSE 15 Security Update : nodejs12 (openSUSE-SU-2021:1574-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1574-1 advisory. - The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) ...

8.6 CVSS | 8.1 AI score | 0.03286 EPSS
Exploits: 2 | References: 22

Tenable Nessus
added 2021/12/08 12:0 a.m. | 55 views

openSUSE 15 Security Update : nodejs14 (openSUSE-SU-2021:3964-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3964-1 advisory. - The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) ...

8.6 CVSS | 8.1 AI score | 0.03286 EPSS
Exploits: 2 | References: 22

Tenable Nessus
added 2021/12/07 12:0 a.m. | 45 views

openSUSE 15 Security Update : nodejs12 (openSUSE-SU-2021:3940-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3940-1 advisory. - The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) ...

8.6 CVSS | 8.1 AI score | 0.03286 EPSS
Exploits: 2 | References: 22