exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 7

BDU:2025-10095

4 месяца назад

Уязвимость пакета tar-fs библиотеки для потоковой обработки файлов формата tar tar-stream программной платформы Node.js, позволяющая нарушителю записывать произвольные файлы

CVSS3: 9.8

EPSS: Низкий

CVE-2025-48387

4 месяца назад

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories.

EPSS: Низкий

CVE-2025-48387

4 месяца назад

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories.

CVSS3: 7.3

EPSS: Низкий

CVE-2025-48387

4 месяца назад

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories.

EPSS: Низкий

CVE-2025-48387

2 месяца назад

EPSS: Низкий

CVE-2025-48387

4 месяца назад

tar-fs provides filesystem bindings for tar-stream. Versions prior to ...

EPSS: Низкий

GHSA-8cj5-5rvv-wf4v

4 месяца назад

tar-fs can extract outside the specified dir with a specific tarball

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
BDU:2025-10095 Уязвимость пакета tar-fs библиотеки для потоковой обработки файлов формата tar tar-stream программной платформы Node.js, позволяющая нарушителю записывать произвольные файлы	CVSS3: 9.8	0% Низкий	4 месяца назад
CVE-2025-48387 tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories.		0% Низкий	4 месяца назад
CVE-2025-48387 tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories.	CVSS3: 7.3	0% Низкий	4 месяца назад
CVE-2025-48387 tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories.		0% Низкий	4 месяца назад
CVE-2025-48387		0% Низкий	2 месяца назад
CVE-2025-48387 tar-fs provides filesystem bindings for tar-stream. Versions prior to ...		0% Низкий	4 месяца назад
GHSA-8cj5-5rvv-wf4v tar-fs can extract outside the specified dir with a specific tarball		0% Низкий	4 месяца назад

Уязвимостей на страницу