Npm Node-Tar vulnerabilities
4 known vulnerabilities affecting npm/node-tar.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4
Vulnerabilities
CVE-2021-32803 | P3 | HIGH | CVSS 8.1 | CWE-22 | fixed in 3.2.2 | v >= 4.0.0, < 4.4.14 +2 more | 2021-08-03
The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directorie
nvd
CVE-2021-37701 | P3 | HIGH | CVSS 8.6 | CWE-22 | fixed in 4.4.16 | v >= 5.0.0, < 5.0.8 +1 more | 2021-08-31
The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlink
nvd
CVE-2021-37712 | P3 | HIGH | CVSS 8.6 | CWE-22 | fixed in 4.4.18 | v >= 5.0.0, < 5.0.10 +1 more | 2021-08-31
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symli
nvd
CVE-2021-37713 | P3 | HIGH | CVSS 8.6 | CWE-22 | fixed in 4.4.18 | v >= 5.0.0, < 5.0.10 +1 more | 2021-08-31
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of e
nvd