3 matches found
CVE-2021-37712
CVE-2021-37712 affects the npm package node-tar (tar). The issue arises from insufficient symlink protection during extraction: a directory cache could be poisoned by a misrepresented path when a tar contains a directory and a symlink whose names Unicode-normalize to the same value, bypassing che...
CVE-2021-37701
CVE-2021-37701 (node-tar) affects the tar handling in node-tar where symlink-based directory cache poisoning enables arbitrary file creation/overwrite during extraction. The vulnerability arises from insufficient protection when an archive contains a directory followed by a symlink that shares th...
CVE-2021-37713
The CVE-2021-37713 issue concerns the npm package tar (node-tar) on Windows where extraction could create or overwrite arbitrary files and execute code due to insufficient path sanitization for drive-letter paths (e.g., C: paths) that differ from the extraction target. The vulnerability arises wh...