Vulmon
tar project tar vulnerabilities and exploits
5
CVSSv2
CVE-2021-38511
An issue exists in the tar crate prior to 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.
Tar Project Tar
6.4
CVSSv2
CVE-2018-20990
An issue exists in the tar crate prior to 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive.
Tar Project Tar
NA
CVE-2020-36566
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
Tar-utils Project Tar-utils
6.4
CVSSv2
CVE-2018-20835
A vulnerability was found in tar-fs prior to 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file co...
Tar-fs Project Tar-fs
27 Github repositories
6.4
CVSSv2
CVE-2018-20834
A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as...
Node-tar Project Node-tar
4 Github repositories
6.8
CVSSv2
CVE-2007-4131
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote malicious users to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
Gnu Tar 1.13.19
Gnu Tar 1.13.25
Gnu Tar 1.15.91
Gnu Tar 1.16
Gnu Tar 1.13
Gnu Tar 1.13.5
Gnu Tar 1.14
Gnu Tar 1.13.16
Gnu Tar 1.13.17
Gnu Tar 1.13.18
Gnu Tar 1.15.1
Gnu Tar 1.15.90
Gnu Tar 1.13.11
Gnu Tar 1.13.14
Gnu Tar 1.14.90
Gnu Tar 1.15
5
CVSSv2
CVE-2022-25358
A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar prior to 0.0.4. Attackers can only list directories (not read files). This occurs because the safe-path? Scheme predicate is not used for directories.
Awful-salmonella-tar Project Awful-salmonella-tar
5.8
CVSSv2
CVE-2021-32803
The npm package "tar" (aka node-tar) prior to 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is no...
Tar Project Tar
Oracle Graalvm 20.3.3
Oracle Graalvm 21.2.0
Siemens Sinec Infrastructure Network Services
5.8
CVSSv2
CVE-2021-32804
The npm package "tar" (aka node-tar) prior to 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has an arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into ...
Tar Project Tar
Oracle Graalvm 20.3.3
Oracle Graalvm 21.2.0
Siemens Sinec Infrastructure Network Services
1 Github repository
7.5
CVSSv2
CVE-2007-4476
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
Gnu Tar
Debian Debian Linux 3.1
Debian Debian Linux 4.0
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
1 EDB exploit