MGASA-2022-0103

Source
https://advisories.mageia.org/MGASA-2022-0103.html
Import Source
https://advisories.mageia.org/MGASA-2022-0103.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2022-0103
Published
2022-03-21T20:18:30Z
Modified
2022-03-21T19:29:28Z
Summary
Updated nodejs-tar packages fix security vulnerability
Details

An untrusted tar file can symlink into an arbitrary location, allowing file overwrites. (CVE-2021-37712)

Arbitrary file creation/overwrite and arbitrary code execution. (CVE-2021-37701)

Arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. (CVE-2021-32803)

Arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. (CVE-2021-32804)


Affected packages

Mageia:8 / nodejs-tar

Package

Name
nodejs-tar
Purl
pkg:rpm/mageia/nodejs-tar?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.0.5-1.1.mga8

Ecosystem specific

{
    "section": "core"
}