Количество 11
Количество 11
CVE-2024-28863
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.
CVE-2024-28863
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.
CVE-2024-28863
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.
CVE-2024-28863
CVE-2024-28863
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no ...
GHSA-f5x3-32g6-xq36
Denial of service while parsing a tar file due to lack of folders count validation
BDU:2024-09418
Уязвимость модуля node-tar библиотеки Node.js, позволяющая нарушителю вызвать отказ в обслуживании
ELSA-2024-6148
ELSA-2024-6148: nodejs:18 security update (MODERATE)
ELSA-2024-6147
ELSA-2024-6147: nodejs:18 security update (MODERATE)
ELSA-2024-5814
ELSA-2024-5814: nodejs:20 security update (MODERATE)
ROS-20241029-08
Множественные уязвимости opensearch
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-28863 node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders. | CVSS3: 6.5 | 0% Низкий | больше 1 года назад |
 | CVE-2024-28863 node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders. | CVSS3: 6.5 | 0% Низкий | больше 1 года назад |
 | CVE-2024-28863 node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders. | CVSS3: 6.5 | 0% Низкий | больше 1 года назад |
 | CVSS3: 6.5 | 0% Низкий | больше 1 года назад | |
| CVE-2024-28863 node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no ... | CVSS3: 6.5 | 0% Низкий | больше 1 года назад |
| GHSA-f5x3-32g6-xq36 Denial of service while parsing a tar file due to lack of folders count validation | CVSS3: 6.5 | 0% Низкий | больше 1 года назад |
 | BDU:2024-09418 Уязвимость модуля node-tar библиотеки Node.js, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 6.5 | 0% Низкий | больше 1 года назад |
| ELSA-2024-6148 ELSA-2024-6148: nodejs:18 security update (MODERATE) | около 1 года назад | ||
| ELSA-2024-6147 ELSA-2024-6147: nodejs:18 security update (MODERATE) | около 1 года назад | ||
| ELSA-2024-5814 ELSA-2024-5814: nodejs:20 security update (MODERATE) | около 1 года назад | ||
 | ROS-20241029-08 Множественные уязвимости opensearch | CVSS3: 7.5 | около 1 года назад |
Уязвимостей на страницу