Lucene search
K

59 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2021-32804

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The npm package tar aka node-tar before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient...

8.2CVSS6.8AI score0.15014EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/02/10 12:0 a.m.9 views

Azure Linux 3.0 Security Update: nodejs / nodejs18 / reaper (CVE-2024-28863)

The version of nodejs / nodejs18 / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28863 advisory. - node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the numbe...

6.5CVSS6.5AI score0.00929EPSS
Exploits1References2
Amazon
Amazon
added 2024/11/14 12:0 a.m.6 views

Medium: nodejs

Issue Overview: node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js...

6.5CVSS6.8AI score0.00929EPSS
Exploits1
Amazon
Amazon
added 2024/11/14 12:0 a.m.5 views

Medium: nodejs

Issue Overview: node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js...

6.5CVSS7.2AI score0.00929EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2024/11/14 12:0 a.m.5 views

The vulnerability of the node-tar module in the Node.js library, which allows a hacker to cause a service failure.

The vulnerability of the node-tar module in the Node.js library is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS6.3AI score0.00929EPSS
Exploits1References7Affected Software9
RedHat Linux
RedHat Linux
added 2024/09/03 2:29 a.m.3 views

node-tar: denial of service while parsing a tar file due to lack of folders depth validation

A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially...

6.5CVSS7.4AI score0.00929EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2024/03/22 4:57 p.m.4 views

@atlarafirm/quillkit (>=1.2.0 <=1.3.8), @grafana/faro-bundlers-shared (>=0.0.0 <=0.1.1) +8 more potentially affected by CVE-2024-28863 via node-tar (=1.0.0)

node-tar NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on node-tar and may be impacted: - @atlarafirm/quillkit =1.2.0, =0.0.0, =0.0.0, =0.0.0, =0.1.0, =0.0.2, =0.0.17, =0.0.24 Source cves: CVE-2024-28863 Source advisory:...

6.5CVSS6.5AI score0.00929EPSS
Exploits1
OSV
OSV
added 2024/03/21 11:15 p.m.2 views

DEBIAN-CVE-2024-28863

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

6.5CVSS6.1AI score0.00929EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2022/05/20 12:0 a.m.7 views

The vulnerability of the Node-tar module in the Node.js library allows a hacker to write any files or execute any code.

The vulnerability of the Node-tar module in the Node.js library is related to insufficient checking of the path name to the restricted access directory. Exploiting this vulnerability could allow an attacker to write arbitrary files or execute arbitrary code...

7.4CVSS7.5AI score0.01263EPSS
Exploits0References8Affected Software4
RedHat Linux
RedHat Linux
added 2022/02/01 9:18 p.m.3 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an...

8.6CVSS7.4AI score0.0185EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2022/01/19 12:0 a.m.53 views

SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2022:0101-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0101-1 advisory. - CVE-2021-44531: Fixed improper handling of URI Subject Alternative Names bsc1194511. - CVE-2021-44532: Fixed certificate...

8.6CVSS7.2AI score0.21514EPSS
Exploits4References34
BDU FSTEC
BDU FSTEC
added 2022/01/17 12:0 a.m.7 views

The vulnerability of the Node.js module for processing tar archives using Node-tar lies in the shortcomings of the pathname limitation, which allows attackers to compromise the integrity of the data and cause service failures.

The vulnerability of the Node.js module for processing tar archives using Node-tar is related to incorrect filtering of the '/' character sequence. Exploiting this vulnerability can allow an attacker to compromise data integrity and cause service failures...

8.1CVSS6.7AI score0.15014EPSS
Exploits1References8Affected Software4
RedHat Linux
RedHat Linux
added 2021/09/27 7:40 a.m.5 views

nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite

The npm package "tar" aka node-tar has an arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the preservePaths flag is not set to true. This i...

8.2CVSS7.4AI score0.15014EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2021/08/31 4:32 a.m.103 views

Exploit for Path Traversal in Tar_Project Tar

CVE-2021-32804 yamory blog 「CVE-2021-32804 npmにも影響があるnode-ta...

8.2CVSS8.1AI score0.15014EPSS
Exploits1
CNNVD
CNNVD
added 2021/08/31 12:0 a.m.4 views

node-tar 后置链接漏洞

node-tar is a software package for file compression/decompression. A backlink vulnerability exists in Node-tar, which stems from the product not validating special characters. An attacker can use this vulnerability to create malicious files in other paths...

8.6CVSS7.1AI score0.0185EPSS
Exploits0References34
OSV
OSV
added 2021/08/03 7:6 p.m.6 views

GHSA-3JFQ-G458-7QM9 Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the preservePaths flag is not set to true. This is achieved by stripping the absolute path root from any...

8.2CVSS6.9AI score0.15014EPSS
Exploits1References8
OSV
OSV
added 2021/08/03 7:0 p.m.4 views

GHSA-R628-MHMH-QJHW Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in...

8.2CVSS6.9AI score0.07795EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2021/07/27 12:0 a.m.9 views

PT-2021-5776 · Npm +9 · Node-Tar +9

Name of the Vulnerable Software and Affected Versions: node-tar versions prior to 3.2.3 node-tar versions prior to 4.4.15 node-tar versions prior to 5.0.7 node-tar versions prior to 6.1.2 Description: The issue is related to insufficient symlink protection in the node-tar module for handling tar...

9.8CVSS7.8AI score0.77766EPSS
Exploits36References291
Positive Technologies
Positive Technologies
added 2021/07/24 12:0 a.m.8 views

PT-2021-5756 · Npm +7 · Node-Tar +7

Name of the Vulnerable Software and Affected Versions: node-tar versions prior to 3.3.2, 4.4.14, 5.0.6, and 6.1.1 Description: The issue is related to the node-tar module for handling tar archives in Node.js, which has a problem with incorrect filtering of the '/' character sequence. This could...

9.8CVSS7.6AI score0.77766EPSS
Exploits36References286
Rows per page
Query Builder