CVE-2021-37712 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Arbitrary file overwrite
Description	The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'node-tar' before versions 4.4.18, 5.0.10, and 6.1.9 is vulnerable to arbitrary file creation/overwrite and arbitrary code execution vulnerabilities.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2461	nodejs-lts-fermium	14.17.4-1		High	Not affected
AVG-2339	nodejs-lts-erbium	12.22.4-2		High	Not affected

References
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/ https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p