Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-37712 - log back

CVE-2021-37712 edited at 31 Aug 2021 20:10:35

Remote

-	Unknown
+	Local

CVE-2021-37712 created at 31 Aug 2021 19:46:54

Severity

+

High

Remote

+

Unknown

Type

+	Arbitrary file overwrite

Description

+	The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'node-tar' before versions 4.4.18, 5.0.10, and 6.1.9 is vulnerable to arbitrary file creation/overwrite and arbitrary code execution vulnerabilities.

References

+	https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/
+	https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p

Notes