tar is vulnerable to Remote Code Execution (RCE). An attacker can exploit the vulnerability by modifying a symbolic link. The vulnerability exists because symbolic links are not sanitized, which allows the system to extract files through a maliciously modified symbolic link.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | tar | le | 6.1.8 |
| | tar | le | 5.0.9 |
| | tar | le | 4.4.17 |
| | tar | le | 4.4.13 |
| | tar | le | 6.1.0 |
| | nodejs:3.11 | eq | 12.21.0-r0 |
| | nodejs:3.11 | eq | 12.22.1-r0 |
| | nodejs:3.11 | eq | 12.15.0-r1 |
| | nodejs:3.11 | eq | 12.22.2-r0 |
| | nodejs:3.11 | eq | 12.22.4-r0 |
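
One way to screen an archive's entry list for the symbolic-link problem described above before extracting it, as an added example (not code from this advisory or from the tar project). It flags symlinks whose target leaves the extraction root and entries whose path passes through a symlink declared earlier in the same archive. The entry shape `{ path, type, linkpath }`, the function names and the sample entries are assumptions constructed for illustration.

```javascript
// Added example: audit tar entry metadata before extraction.
// Entry shape { path, type, linkpath } and the sample data are constructed.

// Split a path into segments, collapsing ".", ".." and backslashes.
function segments(p) {
  const out = [];
  for (const s of String(p).replace(/\\/g, '/').split('/')) {
    if (s === '' || s === '.') continue;
    if (s === '..' && out.length && out[out.length - 1] !== '..') out.pop();
    else out.push(s);
  }
  return out;
}

// True when a symlink's target resolves outside the extraction root.
function escapesRoot(entrySegs, linkpath) {
  if (/^([\\/]|[A-Za-z]:)/.test(linkpath)) return true; // absolute target
  const dir = entrySegs.slice(0, -1).join('/');
  return segments(dir + '/' + linkpath)[0] === '..';
}

function auditEntries(entries) {
  const links = new Set(); // paths declared as symlinks earlier in the archive
  const findings = [];
  for (const e of entries) {
    // Lowercased so the check stays conservative on case-insensitive filesystems.
    const segs = segments(e.path).map((s) => s.toLowerCase());
    for (let i = 1; i <= segs.length; i++) {
      const prefix = segs.slice(0, i).join('/');
      if (!links.has(prefix)) continue;
      const reason = i < segs.length ? 'written-through-symlink' : 'replaces-symlink';
      findings.push({ path: e.path, reason, via: prefix });
      break;
    }
    if (e.type === 'SymbolicLink') {
      if (escapesRoot(segs, e.linkpath || '')) {
        findings.push({ path: e.path, reason: 'symlink-escapes-root', via: e.linkpath });
      }
      links.add(segs.join('/'));
    }
  }
  return findings;
}

// Constructed sample entry list (not taken from a real archive).
const sample = [
  { path: 'pkg/', type: 'Directory' },
  { path: 'pkg/cache', type: 'SymbolicLink', linkpath: '../../outside' },
  { path: 'pkg/cache/config.json', type: 'File' },
  { path: 'pkg/docs', type: 'SymbolicLink', linkpath: 'readme' },
  { path: 'pkg/readme/index.md', type: 'File' },
];
console.log(auditEntries(sample));
```

An archive that produces any finding can be rejected or extracted only into a disposable directory; the audit supplements, and does not replace, upgrading to a fixed tar release.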