CVE-2021-37701

Path Traversal in npm/tar

Identifiers

CVE-2021-37701, GHSA-9r2w-394v-53qc

Package Slug

npm/tar

Vulnerability

Path Traversal

Description

The npm package tar (node-tar) has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted; in the affected versions that guarantee does not hold.

Affected Versions

All versions before 4.4.16, all versions starting from 5.0.0 before 5.0.8, all versions starting from 6.0.0 before 6.1.7

Solution

Upgrade to versions 4.4.16, 5.0.8, 6.1.7 or above.
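
To find copies of tar that still fall in the affected ranges above, including copies nested under other dependencies, the following added example (not part of the advisory or of node-tar) walks the `packages` map of an npm lockfile (lockfileVersion 2 or 3). The function names and the sample lockfile are constructed for illustration.

```javascript
// Affected ranges from the advisory: [lowest version, first fixed version).
const AFFECTED = [
  ['0.0.0', '4.4.16'],
  ['5.0.0', '5.0.8'],
  ['6.0.0', '6.1.7'],
];

// Parse "major.minor.patch" into numbers. Assumption: any prerelease or
// build suffix is ignored, so "6.1.7-rc.1" is treated as 6.1.7.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric comparison, so 6.1.11 sorts after 6.1.7 (a string compare would not).
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  const v = parseVersion(version);
  return AFFECTED.some(([lo, fixed]) =>
    compare(v, parseVersion(lo)) >= 0 && compare(v, parseVersion(fixed)) < 0);
}

// Report every installed copy of tar, top-level or nested, that is affected.
function findAffectedTar(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isTar = /(^|\/)node_modules\/tar$/.test(path);
    if (isTar && meta.version && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile content (not taken from the advisory).
const sampleLock = { packages: {
  'node_modules/tar': { version: '6.1.11' },
  'node_modules/node-gyp/node_modules/tar': { version: '4.4.13' },
  'node_modules/pacote/node_modules/tar': { version: '6.1.0' },
  'node_modules/tar-stream': { version: '2.2.0' },
} };
console.log(findAffectedTar(sampleLock));
```

In a project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findAffectedTar`; an empty result means no locked copy of tar is in an affected range.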

Last Modified

2021-09-16
