Npmjs Tar vulnerabilities
3 known vulnerabilities affecting npmjs/tar.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
HIGH: 3
Vulnerabilities
CVE-2021-37701 | HIGH | CVSS 8.6 | CWE-22 | fixed in 4.4.16; ≥ 5.0.0, < 5.0.8; +1 more | 2021-08-31
The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlink
Source: NVD
CVE-2021-37712 | HIGH | CVSS 8.6 | CWE-22 | ≤ 4.4.17; ≥ 5.0.0, ≤ 5.0.9; +1 more | 2021-08-31
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symli
Source: NVD
CVE-2021-37713 | HIGH | CVSS 8.6 | CWE-22 | fixed in 4.4.18; ≥ 5.0.0, < 5.0.10; +1 more | 2021-08-31
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of e
Source: NVD