Lucene search
Veracode Vulnerability DatabaseVERACODE:31894HistorySep 01, 2021 - 4:59 a.m.
Symlink Attack
2021-09-0104:59:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
41
0.001 Low
EPSS
Percentile
48.3%
tar is vulnerable to symlink attack. The vulnerability exists due to the lack of checking if the symbolic link has been modified through the logic used both \\ and / characters as path separators.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tar | le | 6.1.6 | |
| tar | le | 5.0.7 | |
| tar | le | 4.4.15 | |
| tar | le | 4.4.13 | |
| tar | le | 6.1.0 | |
| nodejs:3.11 | eq | 12.22.4-r0 | |
| nodejs:3.11 | eq | 12.22.1-r0 | |
| nodejs:3.11 | eq | 12.15.0-r1 | |
| nodejs:3.11 | eq | 12.22.2-r0 | |
| nodejs:3.11 | eq | 12.21.0-r0 |
Related
ibm
ibm
redhatcve
redhatcve
CVE-2021-37701
2021-08-31 17:10:03
osv
osv
CVE-2021-37701
2021-08-31 17:15:07
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
2021-08-31 16:05:27
node-tar - security update
2021-11-11 00:00:00
nodejs
nodejs
debiancve
debiancve
CVE-2021-37701
2021-08-31 17:15:07
ubuntucve
ubuntucve
CVE-2021-37701
2021-08-31 00:00:00
cve
cve
CVE-2021-37701
2021-08-31 17:15:07
alpinelinux
alpinelinux
CVE-2021-37701
2021-08-31 17:15:07
prion
prion
Design/Logic Flaw
2021-08-31 17:15:00
nvd
nvd
CVE-2021-37701
2021-08-31 17:15:07
cvelist
cvelist
github
github
nessus
nessus
Debian DSA-5008-1 : node-tar - security update
2021-11-12 00:00:00
Debian DLA-3237-1 : node-tar - LTS security update
2022-12-12 00:00:00
Node.js Multiple Vulnerabilities (August 31st 2021 Security Releases)
2021-10-19 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5008-1)
2021-11-14 00:00:00
Debian: Security Advisory (DLA-3237-1)
2022-12-13 00:00:00
Mageia: Security Advisory (MGASA-2022-0103)
2022-03-22 00:00:00
debian
debian
[SECURITY] [DSA 5008-1] node-tar security update
2021-11-11 21:57:59
[SECURITY] [DLA 3237-1] node-tar security update
2022-12-12 14:15:54
mageia
mageia
Updated nodejs-tar packages fix security vulnerability
2022-03-21 23:18:30
Updated nodejs packages fix security vulnerability
2021-10-06 22:41:56
redhat
redhat
freebsd
freebsd
Node.js -- August 2021 Security Releases (2)
2021-08-31 00:00:00
suse
suse
Security update for nodejs14 (important)
2021-12-10 00:00:00
Security update for nodejs12 (important)
2021-12-06 00:00:00
Security update for nodejs14 (important)
2021-12-07 00:00:00
nodejsblog
nodejsblog
August 31 2021 Security Releases
2021-08-31 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 14.17.6-alt1
2021-09-01 00:00:00
almalinux
almalinux
Moderate: nodejs:14 security, bug fix, and enhancement update
2022-02-01 20:08:39
rocky
rocky
12 bug fix and enhancement update
2022-06-21 11:47:44
nodejs:14 security, bug fix, and enhancement update
2022-02-01 20:08:39
oraclelinux
oraclelinux
nodejs:14 security, bug fix, and enhancement update
2022-02-02 00:00:00
gentoo
gentoo
Node.js: Multiple Vulnerabilities
2024-05-08 00:00:00
ics
ics
Siemens SINEC INS
2022-03-10 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00