CVE-2021-37701 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Arbitrary file overwrite
Description	The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'node-tar' before versions 4.4.16, 5.0.8, and 6.1.7 is vulnerable to Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2461	nodejs-lts-fermium	14.17.4-1		High	Not affected
AVG-2339	nodejs-lts-erbium	12.22.4-2		High	Not affected

References
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/ https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc