Описание
An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | cincinnati-container | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-22
https://bugzilla.redhat.com/show_bug.cgi?id=1993525tar-crate: links in archive can create arbitrary directories
7.5 High
CVSS3
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 4 лет назад
An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.
CVSS3: 7.5
nvd
больше 4 лет назад
An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.
CVSS3: 7.5
debian
больше 4 лет назад
An issue was discovered in the tar crate before 0.4.36 for Rust. When ...
CVSS3: 7.5
github
больше 4 лет назад
Links in archive can create arbitrary directories
7.5 High
CVSS3