Lucene search
K

5 matches found

CVE
CVE
added 2021/08/03 7:5 p.m.2376 views

CVE-2021-32803

CVE-2021-32803 concerns the npm package tar (node-tar) with an arbitrary File Creation/Overwrite vulnerability due to insufficient symlink protection when extracting tar files. The issue arises from a directory cache and mkdir-skip logic that can be bypassed when a directory and a symlink share t...

8.2CVSS7.6AI score0.07795EPSS
CVE
CVE
added 2021/08/03 7:10 p.m.1888 views

CVE-2021-32804

The CVE-2021-32804 entry concerns the npm package tar (node-tar). Affected versions before 6.1.1, 5.0.6, 4.4.14, and 3.3.2 contain an arbitrary File Creation/Overwrite vulnerability caused by insufficient absolute path sanitization during extraction. node-tar attempts to prevent absolute paths by...

8.2CVSS7.6AI score0.15014EPSS
CVE
CVE
added 2026/03/20 7:11 a.m.102 views

CVE-2026-33056

The tar-rs Rust library (versions

6.5CVSS5.9AI score0.00379EPSS
CVE
CVE
added 2021/08/10 10:12 p.m.98 views

CVE-2021-38511

CVE-2021-38511 affects the Rust tar crate prior to 0.4.36. When a TAR archive contains symlinks, extraction can perform a directory traversal with “..”, potentially creating arbitrary directories. Practical impact is described as partial integrity/authoritative access loss during extraction; expl...

7.5CVSS7.4AI score0.01392EPSS
CVE
CVE
added 2019/08/26 12:39 p.m.69 views

CVE-2018-20990

CVE-2018-20990 affects the tar crate for Rust (pre-0.4.16). The issue is that arbitrary file overwrite can occur via a symlink or hardlink inside a TAR archive, representing a path traversal-like risk when unpacking archives. The available documents identify the vulnerable component and the under...

7.5CVSS7.3AI score0.01676EPSS