Lucene search
K

7 matches found

OSV
OSV
added 2026/05/06 5:26 p.m.5 views

GHSA-XX64-WWV2-HCQQ astral-tokio-tar: `unpack_in` can chmod arbitrary directories by following symlinks

Impact In versions 0.6.0 and earlier of astral-tokio-tar, the unpackin API could inadvertently modify the permissions of external i.e. non-archive directories outside of the archive. An attacker could use this to contrite a tar archive that maliciously changes directory permissions outside of its...

6.9CVSS5.8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/06 5:26 p.m.12 views

astral-tokio-tar: `unpack_in` can chmod arbitrary directories by following symlinks

Impact In versions 0.6.0 and earlier of astral-tokio-tar, the unpackin API could inadvertently modify the permissions of external i.e. non-archive directories outside of the archive. An attacker could use this to contrite a tar archive that maliciously changes directory permissions outside of its...

5.8AI score
Exploits0References3Affected Software1
OSV
OSV
added 2025/09/23 8:15 p.m.2 views

UBUNTU-CVE-2025-59825

astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpackinraw API. Additionally, the Entry::allowexternalsymlinks control which...

8.6CVSS6AI score0.00202EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/09/23 8:0 p.m.1 views

CVE-2025-59825 astral-tokio-tar has a path traversal in tar extraction

astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpackinraw API. Additionally, the Entry::allowexternalsymlinks control which...

8.6CVSS7.2AI score0.00202EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/23 8:0 p.m.16 views

CVE-2025-59825 astral-tokio-tar has a path traversal in tar extraction

astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpackinraw API. Additionally, the Entry::allowexternalsymlinks control which...

8.6CVSS0.00202EPSS
Exploits0References3
OSV
OSV
added 2025/09/23 8:0 p.m.1 views

CVE-2025-59825 astral-tokio-tar has a path traversal in tar extraction

astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpackinraw API. Additionally, the Entry::allowexternalsymlinks control which...

8.6CVSS7.3AI score0.00202EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/09/23 5:45 p.m.8 views

astral-tokio-tar has a path traversal in tar extraction

Impact In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpackinraw API. Additionally, the Entry::allowexternalsymlinks control which defaults to true could be bypassed via a pair of symlinks that...

8.6CVSS7.8AI score0.00202EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder