tar is vulnerable to symlink attack. The vulnerability exists due to the lack of checking if the symbolic link has been modified through the logic used both \\
and /
characters as path separators.
CPE | Name | Operator | Version |
---|---|---|---|
tar | le | 6.1.6 | |
tar | le | 5.0.7 | |
tar | le | 4.4.15 | |
tar | le | 4.4.13 | |
tar | le | 6.1.0 | |
nodejs:3.11 | eq | 12.22.4-r0 | |
nodejs:3.11 | eq | 12.22.1-r0 | |
nodejs:3.11 | eq | 12.15.0-r1 | |
nodejs:3.11 | eq | 12.22.2-r0 | |
nodejs:3.11 | eq | 12.21.0-r0 |