[USN-5283-1] Tar for Node.js vulnerability
Severity: High
Affected Packages: 1
CVEs: 1
Tar for Node.js would allow unintended access to files if it received specially crafted input.
It was discovered that Tar for Node.js did not properly sanitize path inputs. An attacker could possibly use this issue to read arbitrary files, resulting in a directory traversal attack.
Package | Affected Version |
---|---|
pkg:deb/ubuntu/node-tar?distro=focal | < 4.4.10+ds1-2ubuntu1+esm1 |
- ID: USN-5283-1
- Severity: high
- Severity from: CVE-2021-32803
- URL: https://ubuntu.com/security/notices/USN-5283-1
- Published: 2022-02-11T14:43:32
- Modified: 2022-02-11T14:43:32
- Other Advisories:
  - ALSA-2021:3623
  - ALSA-2021:3666
  - ELSA-2021-3623
  - ELSA-2021-3666
  - FREEBSD:7062BCE0-1B17-11EC-9D9D-0022489AD614
  - NPM:GHSA-R628-MHMH-QJHW
  - openSUSE-SU-2022:0657-1
  - openSUSE-SU-2022:0704-1
  - openSUSE-SU-2022:0715-1
  - RHSA-2021:3623
  - RHSA-2021:3666
  - RLSA-2021:3623
  - RLSA-2021:3666
  - SUSE-SU-2022:0531-1
  - SUSE-SU-2022:0563-1
  - SUSE-SU-2022:0569-1
  - SUSE-SU-2022:0570-1
  - SUSE-SU-2022:0657-1
  - SUSE-SU-2022:0704-1
  - SUSE-SU-2022:0715-1
  - SUSE-SU-2022:1717-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/node-tar?distro=focal | ubuntu | node-tar | < 4.4.10+ds1-2ubuntu1+esm1 | focal | | |