Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal
Vulnerability Description
node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
node-tar 后置链接漏洞
Vulnerability Description
node-tar是isaacs个人开发者的一款用于文件压缩/解压缩的软件包。 node-tar 7.5.7之前版本存在后置链接漏洞,该漏洞源于硬链接条目的安全检查与创建逻辑不匹配,可能导致绕过路径遍历保护。
CVSS Information
N/A
Vulnerability Type
N/A