Tar Project Tar vulnerabilities
5 known vulnerabilities affecting tar_project/tar.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 1
Vulnerabilities
CVE-2026-33056 | MEDIUM | CVSS 5.1 | CWE-61 | fixed in 0.4.45 | 2026-03-20
tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory en
nvd
CVE-2021-38511 | HIGH | CVSS 7.5 | CWE-59 | fixed in 0.4.36 | 2021-08-10
An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.
nvd
CVE-2021-32803 | HIGH | CVSS 8.1 | CWE-22 | fixed in 3.2.3 | ≥ 4.0.0, < 4.4.15 | +2 more | 2021-08-03
The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directorie
nvd
CVE-2021-32804 | HIGH | CVSS 8.1 | fixed in 3.2.2 | ≥ 4.0.0, < 4.4.14 | +2 more | 2021-08-03
The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has an arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the `preservePaths` flag is not set to `true`. This is achieved
nvd
CVE-2018-20990 | HIGH | CVSS 7.5 | CWE-59 | fixed in 0.4.16 | 2019-08-26
An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive.
nvd