
6 matches found

Github Security Blog
added 2026/03/20 5:25 p.m., 10 views

tar-rs `unpack_in` can chmod arbitrary directories by following symlinks

Summary: When unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata to check whether an already-existing path is a directory. Because fs::metadata follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes...

CVSS 6.5, AI score 5.9, EPSS 0.00379
Exploits: 1, References: 5, Affected Software: 1
EUVD
added 2026/02/25 11:34 p.m., 8 views

EUVD-2026-8778

Zed, a code editor, has an extension installer that allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor async_tar::Archive::unpack creates symlinks from the archive without validation, and the path guard writeablepathfromextension only performs lexical prefix checks without resolving...

CVSS 8.8, AI score 5.8, EPSS 0.0049
Exploits: 1, References: 1
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2021-1004

Malware in sbrugna...

CVSS 7.1, AI score 6.5, EPSS 0.01587
Exploits: 1, References: 26
SUSE Linux
added 2024/11/06 10:13 a.m., 1 view

Security update for gradle

This update for gradle fixes the following issues: CVE-2023-35947: Fixed an issue while unpacking tar archives, where files could be created outside of the unpack location (bsc#1212931). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 6.9, AI score 9.4, EPSS 0.00492
Exploits: 0, References: 4
OSV
added 2024/05/14 9:15 p.m., 4 views

CVE-2020-26312

Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target...

CVSS 8.1, AI score 5.8, EPSS 0.00441
Exploits: 0, References: 2
OSV
added 2020/12/03 8:15 p.m., 1 view

UBUNTU-CVE-2020-29529

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0...

CVSS 7.5, AI score 7.1, EPSS 0.02783
Exploits: 1, References: 5