Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
node-tar: Hardlink Path Traversal via Drive-Relative Linkpath
Vulnerability Description
node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
node-tar 后置链接漏洞
Vulnerability Description
node-tar是isaacs个人开发者的一款用于文件压缩/解压缩的软件包。 node-tar 7.5.10之前版本存在后置链接漏洞,该漏洞源于可被诱骗创建指向提取目录外的硬链接,可能导致文件覆盖。
CVSS Information
N/A
Vulnerability Type
N/A