
4 matches found

BDU FSTEC
added 2025/02/04 12:0 a.m. | 1 view

The vulnerabilities of the unzip() and untar() functions in the Deep Java Library (DJL) allow a hacker to write arbitrary files.

The vulnerability of the unzip and untar functions in the Deep Java Library DJL is related to improper external handling of file names or paths. Exploiting this vulnerability allows a malicious actor to write any files they desire remotely...

CVSS: 10 | AI score: 8 | EPSS: 0.4369
Exploits: 0 | References: 4 | Affected Software: 1
BDU FSTEC
added 2022/05/11 12:0 a.m. | 2 views

The vulnerability in the implementation of the unTar() function for the distributed development and execution platform of Apache Hadoop allows a hacker to write arbitrary files.

The vulnerability of the unTar function implementation in the distributed development and execution platform for Apache Hadoop is related to deficiencies in checking the path name of the restricted-access directory. Exploiting this vulnerability could allow an attacker to write arbitrary files...

CVSS: 10 | AI score: 8 | EPSS: 0.0022
Exploits: 1 | References: 7 | Affected Software: 1
Github Security Blog
added 2022/04/08 12:0 a.m. | 29 views

Path traversal in Hadoop

In Apache Hadoop, the unTar function uses the unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an...

CVSS: 9.8 | AI score: 9.1 | EPSS: 0.0022
Exploits: 1 | References: 9 | Affected Software: 1
OSV
added 2020/08/24 7:15 p.m. | 5 views

CVE-2020-7377

The Metasploit Framework module "auxiliary/admin/http/telpho10credentialdump" is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.0041
Exploits: 1 | References: 1