Lucene search
K

14 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.49 views

Node.js Module node-tar < 7.5.11 Arbitrary File Overwrite

The version of node-tar installed on the remote host is prior to 7.5.11. It is, therefore, affected by a vulnerability: - node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a...

8.2CVSS6.4AI score0.00253EPSS
Exploits4References2
EUVD
EUVD
added 2026/03/10 11:44 p.m.7 views

EUVD-2026-10403

node-tar Symlink Path Traversal via Drive-Relative Linkpath...

8.2CVSS5.8AI score0.00253EPSS
Exploits4References3
Snyk
Snyk
added 2026/03/10 11:44 p.m.4 views

Symlink Attack

Overview org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Symlink Attack via tar.x extraction, which allows an attacker to overwrite arbitrary files outside the intended extraction directory with a drive-relative symlink target - like...

8.2CVSS6.3AI score0.00253EPSS
Exploits4References2
Github Security Blog
Github Security Blog
added 2026/03/10 11:44 p.m.5 views

node-tar Symlink Path Traversal via Drive-Relative Linkpath

Summary tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Details The extraction logic in...

8.2CVSS5.9AI score0.00253EPSS
Exploits4References4Affected Software1
OSV
OSV
added 2026/03/10 7:44 a.m.12 views

UBUNTU-CVE-2026-31802

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

8.2CVSS5.8AI score0.00253EPSS
Exploits4References3
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-31802

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction director...

8.2CVSS6.6AI score0.00253EPSS
Exploits4References2
Cvelist
Cvelist
added 2026/03/09 9:11 p.m.44 views

CVE-2026-31802 node-tar Symlink Path Traversal via Drive-Relative Linkpath

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

8.2CVSS0.00253EPSS
Exploits4References2
RedHat Linux
RedHat Linux
added 2026/02/17 9:33 a.m.5 views

nodejs: Nodejs file permissions bypass

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

9.1CVSS5.9AI score0.01633EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2026/02/17 9:33 a.m.3 views

nodejs: Nodejs file permissions bypass

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

9.1CVSS5.9AI score0.01633EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2026/02/17 9:32 a.m.3 views

nodejs: Nodejs file permissions bypass

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

9.1CVSS5.9AI score0.01633EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2026/02/05 4:3 p.m.3 views

nodejs: Nodejs file permissions bypass

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

9.1CVSS5.9AI score0.01633EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2026/01/20 8:41 p.m.8 views

CVE-2025-55130

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

7.1CVSS5.8AI score0.01633EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.8 views

PT-2026-24117

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.11 Description The node-tar software contains a flaw where it can be manipulated into creating a symbolic link that points outside the intended extraction directory. This is achieved by utilizing a drive-relative...

8.8CVSS5.8AI score0.0034EPSS
Exploits4References208
SUSE CVE
SUSE CVE
added 2023/02/15 4:50 a.m.6 views

SUSE CVE-2017-5188

The bsworker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information...

7.5CVSS7.2AI score0.01167EPSS
Exploits0References3
Rows per page
Query Builder