CVE-2021-37713

The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, ...

node-tar 路径遍历漏洞

node-tar is a package for file compression/decompression. A path traversal vulnerability exists in node-tar, which stems from an arbitrary file creation override and arbitrary code execution vulnerability in the npm package "tar" aka node-tar before 4.4.18, 5.0.10, and 6.1.9. An attacker could us...

PT-2021-7037 · Npm +6 · Node-Tar +6

Name of the Vulnerable Software and Affected Versions: node-tar versions prior to 4.4.18 node-tar versions prior to 5.0.10 node-tar versions prior to 6.1.9 Description: The issue is related to the handling of tar archives by the node-tar module, which can lead to arbitrary file creation, overwrit...