Search CVE reports

Toggle filters

11 – 14 of 14 results

CVE-2021-32804

Medium priority
Needs evaluation

The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of...

1 affected package

node-tar

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
node-tar Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-32803

Medium priority

Some fixes available 1 of 3

The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose...

1 affected package

node-tar

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
node-tar Not affected Not affected Fixed Not affected
Show less packages

CVE-2018-20834

Medium priority
Not affected

A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in...

1 affected package

node-tar

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
node-tar Not affected
Show less packages

CVE-2015-8860

Medium priority

Some fixes available 2 of 7

The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.

1 affected package

node-tar

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
node-tar Not affected Not affected Not affected
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. Next page
Export to JSON