3 matches found
Atlassian Confluence 7.19.x < 8.5.10 / 8.6.x < 9.2.5 / 9.3.x < 9.3.1 / 9.4.x < 9.5.1 / 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-101930)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101930 advisory. - tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the...
CVE-2025-59343 tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball
tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves...
CVE-2025-48387
Summary of CVE-2025-48387 (tar-fs) : A path-traversal risk in tar-fs bindings for tar-stream affects releases prior to 3.0.9, 2.1.3, and 1.16.5, where extracting certain tarballs can write outside the intended directory. The issue has been fixed in 3.0.9, 2.1.3, and 1.16.5. As a workaround, you c...