Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-37701 - log back

CVE-2021-37701 edited at 31 Aug 2021 19:41:44

Description

-	The 'nodejs-lts-erbium' core dependency 'node-tar' before versions 4.4.16, 5.0.8, and 6.1.7 is vulnerable to Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links.
+	The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'node-tar' before versions 4.4.16, 5.0.8, and 6.1.7 is vulnerable to Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links.

CVE-2021-37701 created at 31 Aug 2021 19:41:02

Severity

+

High

Remote

+

Local

Type

+	Arbitrary file overwrite

Description

+	The 'nodejs-lts-erbium' core dependency 'node-tar' before versions 4.4.16, 5.0.8, and 6.1.7 is vulnerable to Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links.

References

+	https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/
+	https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc

Notes