CVE-2021-38511

Опубликовано: 10 авг. 2021

Источник: debian

EPSS Низкий

Описание

An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
rust-tar	fixed	0.4.37-1		package
rust-tar	no-dsa		bullseye	package
rust-tar	no-dsa		buster	package

Примечания

https://rustsec.org/advisories/RUSTSEC-2021-0080.html
https://github.com/alexcrichton/tar-rs/issues/238

EPSS

Процентиль: 56%

0.0034

Низкий

Связанные уязвимости

CVE-2021-38511

CVSS3: 7.5

ubuntu

больше 4 лет назад

An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.

CVE-2021-38511

CVSS3: 7.5

redhat

больше 5 лет назад

An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.

CVE-2021-38511

CVSS3: 7.5

nvd

больше 4 лет назад

An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.

GHSA-62jx-8vmh-4mcw

CVSS3: 7.5

github

больше 4 лет назад

Links in archive can create arbitrary directories

EPSS

Процентиль: 56%

0.0034

Низкий