Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-28863

Published: 21/03/2024 Updated: 22/03/2024

Vulnerability Summary

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.

Github Repositories

https://github.com/efrei-ADDA84/20200689

Wrapper which returns the weather of a given location.

Global context of the module During various lab sessions, we will build a first a wrapper than an API which returns the weather forecast of a given location Labs made in the context of a DevOps module, Efrei Paris, M1 Big Data and Machine Learning TP1 In this lab, we had to create a wrapper and a docker image associated for the weather reports I chose to use nodejs, as I

References

https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36https://github.com/isaacs/node-tar/commit/fe8cd57da5686f8695415414bda49206a545f7f7https://nvd.nist.govhttps://github.com/efrei-ADDA84/20200689
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook