5 matches found
CVE-2021-32803
CVE-2021-32803 concerns the npm package tar (node-tar) with an arbitrary File Creation/Overwrite vulnerability due to insufficient symlink protection when extracting tar files. The issue arises from a directory cache and mkdir-skip logic that can be bypassed when a directory and a symlink share t...
CVE-2021-32804
The CVE-2021-32804 entry concerns the npm package tar (node-tar). Affected versions before 6.1.1, 5.0.6, 4.4.14, and 3.3.2 contain an arbitrary File Creation/Overwrite vulnerability caused by insufficient absolute path sanitization during extraction. node-tar attempts to prevent absolute paths by...
CVE-2026-33056
The tar-rs Rust library (versions
CVE-2021-38511
CVE-2021-38511 affects the Rust tar crate prior to 0.4.36. When a TAR archive contains symlinks, extraction can perform a directory traversal with “..”, potentially creating arbitrary directories. Practical impact is described as partial integrity/authoritative access loss during extraction; expl...
CVE-2018-20990
CVE-2018-20990 affects the tar crate for Rust (pre-0.4.16). The issue is that arbitrary file overwrite can occur via a symlink or hardlink inside a TAR archive, representing a path traversal-like risk when unpacking archives. The available documents identify the vulnerable component and the under...