CVE-2021-38511
- EPSS 0.34%
- Veröffentlicht 10.08.2021 23:15:07
- Zuletzt bearbeitet 21.11.2024 06:17:17
An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.
CVE-2021-32803
- EPSS 0.18%
- Veröffentlicht 03.08.2021 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:07:46
The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modifi...
CVE-2021-32804
- EPSS 85.52%
- Veröffentlicht 03.08.2021 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:07:46
The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by t...
CVE-2018-20990
- EPSS 0.3%
- Veröffentlicht 26.08.2019 13:15:11
- Zuletzt bearbeitet 21.11.2024 04:02:38
An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive.