Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
node-tar vulnerable to race condition leading to uninitialized memory exposure
Vulnerability Description
node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2.
CVSS Information
N/A
Vulnerability Type
使用共享资源的并发执行不恰当同步问题(竞争条件)
Vulnerability Title
node-tar 安全漏洞
Vulnerability Description
node-tar是isaacs个人开发者的一款用于文件压缩/解压缩的软件包。 node-tar 7.5.1版本存在安全漏洞,该漏洞源于使用.t读取tar条目内容时返回未初始化内存内容,可能导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A