CVE-2015-8860

Опубликовано: 23 янв. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.

Ссылки

http://www.openwall.com/lists/oss-security/2016/04/20/11
Mailing List
Third Party Advisory
https://nodesecurity.io/advisories/57
Mitigation
Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/04/20/11
Mailing List
Third Party Advisory
https://nodesecurity.io/advisories/57
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*

Версия до 1.8.4 (включая)

EPSS

Процентиль: 58%

0.00365

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-59

Связанные уязвимости

CVE-2015-8860

CVSS3: 7.5

ubuntu

больше 8 лет назад

The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.

CVE-2015-8860

redhat

около 10 лет назад

The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.

CVE-2015-8860

CVSS3: 7.5

debian

больше 8 лет назад

The tar package before 2.0.0 for Node.js allows remote attackers to wr ...

GHSA-gfjr-3jmm-4g9v

CVSS3: 7.5

github

больше 7 лет назад

Symlink Arbitrary File Overwrite in tar

EPSS

Процентиль: 58%

0.00365

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-59