Описание
A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. A patch has been applied to node-tar v2.2.2).
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | code not present |
| cosmic | not-affected | 4.4.4+ds1-2 |
| devel | not-affected | |
| disco | not-affected | |
| esm-apps/bionic | not-affected | code not present |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | not-affected | code not present |
| precise/esm | DNE | |
| trusty/esm | not-affected | code not present |
| upstream | released | 4.4.4+ds1-2 |
Показывать по
EPSS
6.4 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. A patch has been applied to node-tar v2.2.2).
A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. A patch has been applied to node-tar v2.2.2).
A vulnerability was found in node-tar before version 4.4.2 (excluding ...
Уязвимость модуля node-tar библиотеки Node.js, позволяющая нарушителю заменить существующее содержимое файла
EPSS
6.4 Medium
CVSS2
7.5 High
CVSS3