16 matches found
PT-2026-51115
Name of the Vulnerable Software and Affected Versions go.qbee.io/transport versions prior to v1.26.25 Description The extractTar routine in the go.qbee.io/transport library contains a symlink-chain path traversal issue. Because path validation is strictly lexical and does not account for on-disk...
PT-2026-24092
Name of the Vulnerable Software and Affected Versions Shescape versions prior to 2.1.9 Description Shescape is a JavaScript shell escape library. A flaw exists where an attacker may be able to bypass escaping for the shell being used, potentially leading to exposure of sensitive information. This...
CVE-2026-26960 node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction
node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...
📄 Python Tarfile Bypass
This proof of concept exploit targets CVE-2025-4138, a vulnerability in Python's built-in tarfile module when extracting archives using filter="data". The issue allows a crafted archive to bypass intended path restrictions by abusing filesystem path length handling and symbolic link resolution...
Directory Traversal
Overview org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Directory Traversal via the extract function. An attacker can read or write files outside the intended extraction directory by causing the application to extract a malicious archiv...
GHSA-83G3-92JG-28CX Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction
Summary tar.extract in Node tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outside the extraction root, using default options. This enables arbitrary file read and write as the extracting user no root, no chmod, no preservePath...
Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction
Summary tar.extract in Node tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outside the extraction root, using default options. This enables arbitrary file read and write as the extracting user no root, no chmod, no preservePath...
Exploit for CVE-2025-4138
CVE-2025-4138 — Python tarfile filter="data" Bypass Arbitra...
Exploit for CVE-2025-4517
CVE-2025-4517 / CVE-2025-4330 — Python tarfile Data Filter B...
nodejs: Nodejs file permissions bypass
A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...
CVE-2026-24047 @backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass
Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...
CVE-2026-24047 @backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass
Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...
EUVD-2026-4138
@backstage/cli-common has a possible resolveSafeChildPath Symlink Chain Bypass...
CVE-2022-48579
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains...
CVE-2022-48579
CVE-2022-48579 affects UnRAR prior to version 6.2.3, enabling extraction of files outside the destination folder via symlink chains. Public sources in connected documents confirm vulnerable versions and indicate fixes/updates: e.g., UnRAR 6.2.3+ addresses the issue; Debian LTS advisory DLA-3535-1...
CVE-2018-10722
In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder, the CyUpdate process grants users Modify access to new files created in this folder, and a new file can be a symlink...