Description
node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.
A flaw was found in node-tar. An attacker can craft a malicious archive that, when extracted with default options, creates a hardlink outside the intended extraction directory. This vulnerability allows the attacker to perform arbitrary file read and write operations as the user extracting the archive, bypassing existing path protections. This can lead to unauthorized access and modification of sensitive system files.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Cryostat 4 | io.cryostat-cryostat | Affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Will not fix | | |
| Network Observability Operator | network-observability/network-observability-console-plugin-rhel9 | Affected | | |
| Red Hat 3scale API Management Platform 2 | 3scale-amp20/system | Affected | | |
| Red Hat 3scale API Management Platform 2 | 3scale-amp21/system | Affected | | |
| Red Hat 3scale API Management Platform 2 | 3scale-amp22/system | Affected | | |
| Red Hat 3scale API Management Platform 2 | 3scale-amp24/system | Affected | | |
| Red Hat 3scale API Management Platform 2 | 3scale-amp25/system | Affected | | |
| Red Hat 3scale API Management Platform 2 | 3scale-amp26/system | Affected | | |
| Red Hat 3scale API Management Platform 2 | 3scale-amp2/system-rhel7 | Affected | | |
Source links
Additional information
Status:
EPSS
CVSS3: 7.1 High
Related vulnerabilities
node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction
node-tar is a full-featured Tar for Node.js. When using default option ...
Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction