org.webjars.npm:tar 7.4.3 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.webjars.npm:tar package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Directory Traversal org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Directory Traversal via the `extract()` function. An attacker can read or write files outside the intended extraction directory by causing the application to extract a malicious archive containing a chain of symlinks leading to a hardlink, which bypasses path validation checks. How to fix Directory Traversal? There is no fixed version for `org.webjars.npm:tar`.	[0,)
M Directory Traversal org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Directory Traversal via processing of hardlinks. An attacker can read or overwrite arbitrary files on the file system by crafting a malicious TAR archive that bypasses path traversal protections during extraction. How to fix Directory Traversal? A fix was pushed into the `master` branch but not yet published.	[0,)
M Directory Traversal org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of the `linkpath` parameter during archive extraction. An attacker can overwrite arbitrary files or create malicious symbolic links by crafting a tar archive with hardlink or symlink entries that resolve outside the intended extraction directory. How to fix Directory Traversal? A fix was pushed into the `master` branch but not yet published.	[0,)
M Improper Handling of Unicode Encoding org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in Path Reservations via Unicode Sharp-S (`ß`) Collisions on macOS APFS. An attacker can overwrite arbitrary files by exploiting Unicode normalization collisions in filenames within a malicious tar archive on case-insensitive or normalization-insensitive filesystems. Note: This is only exploitable if the system is running on a filesystem such as macOS APFS or HFS+ that ignores Unicode normalization. How to fix Improper Handling of Unicode Encoding? A fix was pushed into the `master` branch but not yet published.	[0,)

Vulnerability

Vulnerable Version

Directory Traversal

org.webjars.npm:tar is a full-featured Tar for Node.js.

Affected versions of this package are vulnerable to Directory Traversal via the extract() function. An attacker can read or write files outside the intended extraction directory by causing the application to extract a malicious archive containing a chain of symlinks leading to a hardlink, which bypasses path validation checks.

How to fix Directory Traversal?

There is no fixed version for org.webjars.npm:tar.

[0,)

Directory Traversal

org.webjars.npm:tar is a full-featured Tar for Node.js.

Affected versions of this package are vulnerable to Directory Traversal via processing of hardlinks. An attacker can read or overwrite arbitrary files on the file system by crafting a malicious TAR archive that bypasses path traversal protections during extraction.

How to fix Directory Traversal?

A fix was pushed into the master branch but not yet published.

[0,)

Directory Traversal

org.webjars.npm:tar is a full-featured Tar for Node.js.

Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of the linkpath parameter during archive extraction. An attacker can overwrite arbitrary files or create malicious symbolic links by crafting a tar archive with hardlink or symlink entries that resolve outside the intended extraction directory.

How to fix Directory Traversal?

A fix was pushed into the master branch but not yet published.

[0,)

Improper Handling of Unicode Encoding

org.webjars.npm:tar is a full-featured Tar for Node.js.

Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in Path Reservations via Unicode Sharp-S (ß) Collisions on macOS APFS. An attacker can overwrite arbitrary files by exploiting Unicode normalization collisions in filenames within a malicious tar archive on case-insensitive or normalization-insensitive filesystems.

Note:

This is only exploitable if the system is running on a filesystem such as macOS APFS or HFS+ that ignores Unicode normalization.

How to fix Improper Handling of Unicode Encoding?

A fix was pushed into the master branch but not yet published.

[0,)

org.webjars.npm:tar@7.4.3 vulnerabilities

latest version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically