2 matches found
CVE-2026-31802
node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...
Vulnerability fixed in Grafana Enterprise
A vulnerability has been fixed in the Snapshot functionality of Grafana. A malicious party could exploit the vulnerability to obtain sensitive information that should not have been shared with them should have been shared. Under certain circumstances, when "publicmode" is configured, an...