Vulnerability Information
Vulnerability Title
node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation
Vulnerability Description
node-tar is a tar implementation for Node.js. Versions of node-tar prior to 6.2.1 place no limit on the number of sub-folders created during the folder creation process. An attacker who supplies a path containing a very large number of nested sub-folders can consume memory on the system running node-tar and even crash the Node.js client within a few seconds of running it. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Vulnerability Type
Uncontrolled resource consumption (resource exhaustion)
Vulnerability Title
node-tar security vulnerability
Vulnerability Description
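node-tar is a software package for file compression and decompression. Versions of node-tar prior to 6.2.1 contain a security vulnerability that stems from the lack of a limit on the number of sub-folders created during the folder creation process. An attacker can exploit it to generate a large number of sub-folders and consume memory on the system.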
CVSS Information
N/A
Vulnerability Type
N/A
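
The following Node.js check, added here as an illustration and not taken from node-tar or from this record, walks raw tar headers before extraction and reports entries whose paths nest deeper than a caller-chosen limit, which is the validation the description says was missing. The names `findDeepEntries` and `maxLevels` and the sample archive are constructed for this example; it reads ustar name/prefix fields and GNU long-name records, and assumes no checksum verification and no pax extended headers.

```javascript
const BLOCK = 512;

// Read a NUL-terminated field from a header block or data area.
function field(buf, off, len) {
  const raw = buf.subarray(off, off + len);
  const end = raw.indexOf(0);
  return raw.toString('latin1', 0, end === -1 ? raw.length : end);
}
// Directory levels an entry path would create on extraction.
const pathDepth = (p) => p.split('/').filter((s) => s && s !== '.').length;

// Walk the headers and return every entry nested deeper than maxLevels.
function findDeepEntries(archive, maxLevels) {
  const tooDeep = [];
  let longName = null; // set by a GNU 'L' record for the entry that follows it
  for (let pos = 0; pos + BLOCK <= archive.length;) {
    const h = archive.subarray(pos, pos + BLOCK);
    if (h.every((b) => b === 0)) break; // end-of-archive marker
    const size = parseInt(field(h, 124, 12).trim() || '0', 8);
    if (Number.isNaN(size)) throw new Error(`bad size field at offset ${pos}`);
    if (field(h, 156, 1) === 'L') {
      longName = field(archive, pos + BLOCK, size);
    } else {
      const prefix = field(h, 345, 155);
      const name = longName || (prefix ? `${prefix}/` : '') + field(h, 0, 100);
      longName = null;
      if (pathDepth(name) > maxLevels) tooDeep.push({ name, depth: pathDepth(name) });
    }
    pos += BLOCK + Math.ceil(size / BLOCK) * BLOCK; // skip header and padded data
  }
  return tooDeep;
}

// Constructed sample data: one header block plus zero-padded data, no checksum.
function entry(name, type, data = '') {
  const h = Buffer.alloc(BLOCK);
  h.write(name.slice(0, 100), 0, 'latin1');
  h.write(data.length.toString(8).padStart(11, '0'), 124, 'latin1');
  h.write(type, 156, 'latin1');
  const padded = BLOCK + Math.ceil(data.length / BLOCK) * BLOCK;
  return Buffer.concat([h, Buffer.from(data, 'latin1')], padded);
}

function sampleArchive() {
  const deep = 'd/'.repeat(300); // 600 bytes, carried in a long-name record
  return Buffer.concat([entry('docs/img/', '5'), entry('a/'.repeat(40), '5'),
    entry('././@LongLink', 'L', deep + '\0'), entry(deep, '5'), Buffer.alloc(BLOCK * 2)]);
}
```

Running the check on untrusted archives before handing them to an extractor lets the caller reject the whole archive when the returned list is non-empty.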