13 matches found
CLEANSTART-2026-MU17611 tar
Multiple security vulnerabilities affect the helm package. tar. See references for individual vulnerability details...
CVE-2023-39804 affecting package tar for versions less than 1.34-3
CVE-2023-39804 affecting package tar for versions less than 1.34-3. A patched version of the package is available...
Ubuntu 20.04 ESM : Tar for Node.js vulnerability (USN-5283-1)
The remote Ubuntu 20.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5283-1 advisory. It was discovered that Tar for Node.js did not properly sanitize path inputs. An attacker could possibly use this issue to read arbitrary files, resulting in a...
openSUSE 15 Security Update : nodejs8 (openSUSE-SU-2022:0704-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0704-1 advisory. - All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and...
openSUSE 15 Security Update : nodejs12 (openSUSE-SU-2021:1574-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1574-1 advisory. - The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) ...
SUSE SLES15 Security Update : nodejs12 (SUSE-SU-2021:3940-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3940-1 advisory. - The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in...
openSUSE 15 Security Update : nodejs12 (openSUSE-SU-2021:3940-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3940-1 advisory. - The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) ...
SUSE SLES12 Security Update : nodejs14 (SUSE-SU-2021:3886-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3886-1 advisory. - The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in...
Oracle Linux 8 : nodejs:12 (ELSA-2021-3623)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3623 advisory. - Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, - CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 - Resolves...
CVE-2021-37701
A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...
CVE-2021-37712
A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an...
-fides-amor-et-lux (=1.0.0), 20_nogo (>=1.0.0 <=1.1.4) +2025 more potentially affected by CVE-2021-37712 via tar (>=6.0.0 <=6.1.8)
tar NPM version =6.0.0, =1.0.0, =1.4.0-beta, =0.0.9, =0.0.1, =1.6.0, =4.14.0, =0.4.0-next.7, =0.4.0-next.7, =0.4.0-next.7, =0.4.0-next.7, =0.4.0-next.7, =0.4.0-next.7, =0.4.0-next.28 and more Source cves: CVE-2021-37712 Source advisory: OSV:GHSA-QQ89-HQ3F-393P...
Security fix for the ALT Linux 8 package tar version 1.29.0.19.d061-alt1
1.29.0.19.d061-alt1 built March 28, 2017 Dmitry V. Levin in task 180955 --- March 20, 2017 Dmitry V. Levin - tar: release128-39-gd02c81d - release129-19-gd06126f fixes: CVE-2016-6321. - tar: added --lz4 and --zstd options. - gnulib: v0.1-585-g2fda85e - v0.1-1209-g24b3216...