Npm Node-Tar vulnerabilities

5 known vulnerabilities affecting npm/node-tar.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5

Vulnerabilities

CVE-2021-37701 | HIGH | CVSS 8.6 | fixed in 4.4.16 | v >= 5.0.0, < 5.0.8 (+1 more) | 2021-08-31
CWE-22. The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlink
Sources: cvelistv5, nvd

CVE-2021-37713 | HIGH | CVSS 8.6 | fixed in 4.4.18 | v >= 5.0.0, < 5.0.10 (+1 more) | 2021-08-31
CWE-22. The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of e
Sources: cvelistv5, nvd

CVE-2021-37712 | HIGH | CVSS 8.6 | fixed in 4.4.18 | v >= 5.0.0, < 5.0.10 (+1 more) | 2021-08-31
CWE-22. The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symli
Sources: cvelistv5, nvd

CVE-2021-32803 | HIGH | CVSS 8.1 | fixed in 3.2.2 | v >= 4.0.0, < 4.4.14 (+2 more) | 2021-08-03
CWE-22. The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directorie
Sources: cvelistv5, nvd

CVE-2021-32804 | HIGH | CVSS 8.2 | fixed in 3.2.2 | v >= 4.0.0, < 4.4.14 (+2 more) | 2021-08-03
CWE-22. Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization. The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has an arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the `preser
Sources: cvelistv5