Описание
Symlink Arbitrary File Overwrite in tar
Versions of tar prior to 2.0.0 are affected by an arbitrary file write vulnerability. The vulnerability occurs because tar does not verify that extracted symbolic links to not resolve to targets outside of the extraction root directory.
Recommendation
Update to version 2.0.0 or later
Пакеты
tar
< 2.0.0
2.0.0
Связанные уязвимости
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.
The tar package before 2.0.0 for Node.js allows remote attackers to wr ...