Lucene search
Veracode Vulnerability DatabaseVERACODE:31484HistoryAug 04, 2021 - 6:36 a.m.
Symlink Attack
2021-08-0406:36:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
30
0.007 Low
EPSS
Percentile
80.2%
tar is vulnerable to symlink attack. An attacker is able to write files to arbitrary locations on the file system via a malicious tar file.
References
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
github.com/advisories/GHSA-r628-mhmh-qjhw
github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20
github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw
www.npmjs.com/advisories/1771
www.npmjs.com/package/tar
www.oracle.com/security-alerts/cpuoct2021.html
Related
nodejs
nodejs
openvas
openvas
Ubuntu: Security Advisory (USN-5283-1)
2023-01-27 00:00:00
Mageia: Security Advisory (MGASA-2022-0103)
2022-03-22 00:00:00
openSUSE: Security Advisory for nodejs12 (openSUSE-SU-2022:0657-1)
2022-03-03 00:00:00
alpinelinux
alpinelinux
CVE-2021-32803
2021-08-03 19:15:08
CVE-2021-32804
2021-08-03 19:15:08
ubuntucve
ubuntucve
CVE-2021-32803
2021-08-03 00:00:00
CVE-2021-32804
2021-08-03 00:00:00
osv
osv
CVE-2021-32803
2021-08-03 19:15:08
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
2021-08-03 19:00:40
node-tar vulnerability
2022-02-11 14:43:32
debiancve
debiancve
CVE-2021-32803
2021-08-03 19:15:08
CVE-2021-32804
2021-08-03 19:15:08
cvelist
cvelist
nvd
nvd
CVE-2021-32803
2021-08-03 19:15:08
CVE-2021-32804
2021-08-03 19:15:08
ibm
ibm
prion
prion
Design/Logic Flaw
2021-08-03 19:15:00
Design/Logic Flaw
2021-08-03 19:15:00
ubuntu
ubuntu
Tar for Node.js vulnerability
2022-02-11 00:00:00
github
github
redhatcve
redhatcve
CVE-2021-32803
2021-08-05 11:20:20
cve
cve
CVE-2021-32803
2021-08-03 19:15:08
CVE-2021-32804
2021-08-03 19:15:08
nessus
nessus
Ubuntu 20.04 ESM : Tar for Node.js vulnerability (USN-5283-1)
2023-10-20 00:00:00
SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2022:0704-1)
2022-03-05 00:00:00
SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2022:0531-1)
2022-02-22 00:00:00
mageia
mageia
Updated nodejs-tar packages fix security vulnerability
2022-03-21 23:18:30
suse
suse
Security update for nodejs12 (important)
2022-03-02 00:00:00
Security update for nodejs14 (important)
2022-03-04 00:00:00
Security update for nodejs8 (important)
2022-03-04 00:00:00
nodejsblog
nodejsblog
August 31 2021 Security Releases
2021-08-31 00:00:00
freebsd
freebsd
Node.js -- August 2021 Security Releases (2)
2021-08-31 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 14.17.6-alt1
2021-09-01 00:00:00
rocky
rocky
nodejs:12 security and bug fix update
2021-09-21 12:33:58
nodejs:14 security and bug fix update
2021-09-27 06:47:35
redhat
redhat
(RHSA-2021:3623) Important: nodejs:12 security and bug fix update
2021-09-21 12:33:58
(RHSA-2021:3666) Important: nodejs:14 security and bug fix update
2021-09-27 06:47:35
oraclelinux
oraclelinux
nodejs:12 security and bug fix update
2021-09-22 00:00:00
nodejs:14 security and bug fix update
2021-09-27 00:00:00
almalinux
almalinux
Important: nodejs:14 security and bug fix update
2021-09-27 06:47:35
Important: nodejs:12 security and bug fix update
2021-09-21 12:33:58
ics
ics
Siemens SINEC INS
2022-03-10 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00