ReportizFlow
Filtered by vendor Tar-fs Project
Subscriptions
Filtered by product Tar-fs
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59343 | 1 Tar-fs Project | 1 Tar-fs | 2025-09-26 | 7.5 High |
| tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories. | ||||
| CVE-2018-20835 | 1 Tar-fs Project | 1 Tar-fs | 2024-11-21 | N/A |
| A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. | ||||
Page 1 of 1.