Homepage

org.webjars.npm:tar-fs@3.0.8 vulnerabilities

  • latest version

    3.0.8

  • first published

    9 years ago

  • latest version published

    20 days ago

  • licenses detected

  • package registry

    View on Maven Central Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the org.webjars.npm:tar-fs package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Improper Link Resolution Before File Access ('Link Following')

    org.webjars.npm:tar-fs is a filesystem bindings for tar-stream.

    Affected versions of this package are vulnerable to Improper Link Resolution Before File Access ('Link Following') through the exports.extract function. An attacker can manipulate the path of extracted files to write outside the intended directory by crafting a malicious tarball.

    How to fix Improper Link Resolution Before File Access ('Link Following')?

    There is no fixed version for org.webjars.npm:tar-fs.

    [0,)
    • H
    Symlink Attack

    org.webjars.npm:tar-fs is a filesystem bindings for tar-stream.

    Affected versions of this package are vulnerable to Symlink Attack via the extraction process of a maliciously crafted tar file. An attacker can overwrite or write unauthorized files outside the intended directory by exploiting the path traversal and link following vulnerabilities.

    How to fix Symlink Attack?

    A fix was pushed into the master branch but not yet published.

    [0,)
    Go back to all versions of this package