Lucene search
GoogleOSV:GHSA-GFJR-3JMM-4G9VHistoryOct 24, 2017 - 6:33 p.m.
Symlink Arbitrary File Overwrite in tar
2017-10-2418:33:36
Google
osv.dev
14
EPSS
0.002
Percentile
55.6%
Versions of tar prior to 2.0.0 are affected by an arbitrary file write vulnerability. The vulnerability occurs because tar does not verify that extracted symbolic links to not resolve to targets outside of the extraction root directory.
Recommendation
Update to version 2.0.0 or later
Related
ubuntucve
ubuntucve
CVE-2015-8860
2017-01-23 00:00:00
nodejs
nodejs
Symlink Arbitrary File Overwrite
2015-11-03 07:15:12
cvelist
cvelist
CVE-2015-8860
2017-01-23 21:00:00
osv
osv
node-tar vulnerability
2021-03-15 20:52:28
nessus
nessus
Ubuntu 16.04 ESM : node-tar vulnerability (USN-4777-1)
2023-10-20 00:00:00
cve
cve
CVE-2015-8860
2017-01-23 21:59:00
ibm
ibm
openvas
openvas
Ubuntu: Security Advisory (USN-4777-1)
2023-01-27 00:00:00
nvd
nvd
CVE-2015-8860
2017-01-23 21:59:00
debiancve
debiancve
CVE-2015-8860
2017-01-23 21:59:00
prion
prion
Code injection
2017-01-23 21:59:00
ubuntu
ubuntu
node-tar vulnerability
2021-03-15 00:00:00
github
github
Symlink Arbitrary File Overwrite in tar
2017-10-24 18:33:36
