Lucene search

Basic search
Lucene search
Search by product

Database

Vendors

Veracode Vulnerability DatabaseVERACODE:31484

HistoryAug 04, 2021 - 6:36 a.m.

Vulners
/
Veracode
/
Symlink Attack

Symlink Attack

2021-08-0406:36:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.007

Percentile

80.2%

JSON

tar is vulnerable to symlink attack. An attacker is able to write files to arbitrary locations on the file system via a malicious tar file.

References

cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

github.com/advisories/GHSA-r628-mhmh-qjhw

github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20

github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw

www.npmjs.com/advisories/1771

www.npmjs.com/package/tar

www.oracle.com/security-alerts/cpuoct2021.html

ibm 19

osv 9

alpinelinux 2

nodejs 1

openvas 15

cvelist 2

ubuntucve 2

debiancve 2

nessus 25

cve 2

redhatcve 1

github 3

ubuntu 1

prion 2

nvd 2

mageia 1

suse 6

altlinux 1

nodejsblog 1

freebsd 1

almalinux 2

rocky 2

redhat 8

oraclelinux 2

ics 1

oracle 1

ibm

Security Bulletin: Vulnerabilities in Node.js affect IBM Integration Bus v10 (CVE-2021-32803)

2021-11-24 11:36:33

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to directory traversal due to CVE-2021-32803

2021-10-20 10:09:02

Security Bulletin: A security vulnerability in Node.js tar module affects IBM Cloud Pak for Multicloud Management Managed Services

2021-11-09 18:30:13

osv

node-tar vulnerability

2022-02-11 14:43:32

CVE-2021-32803

2021-08-03 19:15:08

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning

2021-08-03 19:00:40

alpinelinux

CVE-2021-32803

2021-08-03 19:15:08

CVE-2021-32804

2021-08-03 19:15:08

nodejs

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning

2021-08-03 18:14:17

openvas

Ubuntu: Security Advisory (USN-5283-1)

2023-01-27 00:00:00

Mageia: Security Advisory (MGASA-2022-0103)

2022-03-22 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:0657-1)

2022-03-02 00:00:00

cvelist

CVE-2021-32803 Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning

2021-08-03 19:05:12

CVE-2021-32804 Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization

2021-08-03 19:10:12

ubuntucve

CVE-2021-32803

2021-08-03 00:00:00

CVE-2021-32804

2021-08-03 00:00:00

debiancve

CVE-2021-32803

2021-08-03 19:15:08

CVE-2021-32804

2021-08-03 19:15:08

nessus

Ubuntu 20.04 ESM : Tar for Node.js vulnerability (USN-5283-1)

2023-10-20 00:00:00

SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2022:0531-1)

2022-02-22 00:00:00

SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2022:0704-1)

2022-03-05 00:00:00

cve

CVE-2021-32803

2021-08-03 19:15:08

CVE-2021-32804

2021-08-03 19:15:08

redhatcve

CVE-2021-32803

2021-08-05 11:20:20

github

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning

2021-08-03 19:00:40

Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization

2021-08-03 19:06:36

GitHub security update: Vulnerabilities in tar and @npmcli/arborist

2021-09-08 16:00:32

ubuntu

Tar for Node.js vulnerability

2022-02-11 00:00:00

prion

Design/Logic Flaw

2021-08-03 19:15:00

Design/Logic Flaw

2021-08-03 19:15:00

nvd

CVE-2021-32803

2021-08-03 19:15:08

CVE-2021-32804

2021-08-03 19:15:08

mageia

Updated nodejs-tar packages fix security vulnerability

2022-03-21 23:18:30

suse

Security update for nodejs8 (important)

2022-03-04 00:00:00

Security update for nodejs14 (important)

2022-03-04 00:00:00

Security update for nodejs12 (important)

2022-03-02 00:00:00

altlinux

Security fix for the ALT Linux 10 package node version 14.17.6-alt1

2021-09-01 00:00:00

nodejsblog

August 31 2021 Security Releases

2021-08-31 00:00:00

freebsd

Node.js -- August 2021 Security Releases (2)

2021-08-31 00:00:00

almalinux

Important: nodejs:12 security and bug fix update

2021-09-21 12:33:58

Important: nodejs:14 security and bug fix update

2021-09-27 06:47:35

rocky

nodejs:12 security and bug fix update

2021-09-21 12:33:58

nodejs:14 security and bug fix update

2021-09-27 06:47:35

redhat

(RHSA-2021:3666) Important: nodejs:14 security and bug fix update

2021-09-27 06:47:35

(RHSA-2021:3623) Important: nodejs:12 security and bug fix update

2021-09-21 12:33:58

(RHSA-2021:5086) Moderate: Red Hat OpenShift Data Foundation 4.9.0 enhancement, security, and bug fix update

2021-12-13 15:19:23

oraclelinux

nodejs:12 security and bug fix update

2021-09-22 00:00:00

nodejs:14 security and bug fix update

2021-09-27 00:00:00

ics

Siemens SINEC INS

2022-03-10 12:00:00

oracle

Oracle Critical Patch Update Advisory - October 2021

2021-10-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.007

Percentile

80.2%

JSON

Related for VERACODE:31484