JLSEC-2025-236
- Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-236.md
- Import Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-236.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/JLSEC-2025-236
- Upstream
- Published
- 2025-11-25T22:03:17.636Z
- Modified
- 2025-11-25T22:33:18.829721Z
- Summary
- An improper link resolution flaw can occur while extracting an archive leading to changing modes, ti...
- Details
-
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.
- Database specific
{ "sources": [ { "modified": "2024-11-21T06:05:55.217Z", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-31566", "imported": "2025-11-25T21:58:26.862Z", "published": "2022-08-23T16:15:09.337Z", "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31566", "id": "CVE-2021-31566" } ], "license": "CC-BY-4.0" }- References
-
- https://access.redhat.com/security/cve/CVE-2021-31566
- https://bugzilla.redhat.com/show_bug.cgi?id=2024237
- https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043
- https://github.com/libarchive/libarchive/issues/1566
- https://lists.debian.org/debian-lts-announce/2022/11/msg00030.html