Threat Encyclopedia



This indicates an attack attempt to exploit an Arbitrary File Overwrite Vulnerability in applications that handle TAR archive files.
The vulnerability is due to improper validation of file names inside TAR files. A remote attacker can exploit this vulnerability by sending an application a malicious TAR file that contains a malformed file name. Successful exploitation could result in arbitrary file overwrite on the target user's system.
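
One way an application can validate entry names before extraction, as an added example that is not part of the original entry and is not node-tar's own code. It assumes a malformed name is an absolute path or one containing `..` segments (the entry does not say which); the function names and the sample listing are constructed for illustration.

```javascript
// Added example: pre-extraction check for TAR entry names.
// Assumption: "malformed" means an absolute path or a name with ".." segments.

// Returns null when the name may be extracted under the destination
// directory, otherwise a short reason string.
function checkEntryName(name) {
  if (typeof name !== 'string' || name.length === 0) return 'empty name';
  if (name.includes('\0')) return 'NUL byte in name';
  // Treat both separators alike so Windows-style names are caught too.
  const unified = name.replace(/\\/g, '/');
  // Covers "/x" and "//x": any number of leading slashes is absolute.
  if (unified.startsWith('/')) return 'absolute path';
  if (/^[A-Za-z]:/.test(unified)) return 'drive-letter path';
  // Refuse every ".." segment. Counting directory depth lexically is not
  // enough once an archive can also contain symbolic links.
  if (unified.split('/').includes('..')) return 'parent-directory segment';
  return null;
}

// Splits a listing of entry names into those to extract and those to refuse.
function auditEntries(names) {
  const safe = [];
  const rejected = [];
  for (const name of names) {
    const reason = checkEntryName(name);
    if (reason === null) safe.push(name);
    else rejected.push({ name, reason });
  }
  return { safe, rejected };
}

// Constructed sample listing, not taken from a real archive.
const SAMPLE_ENTRIES = [
  'package/index.js',
  'package/lib/../README.md',
  '/tmp/outside.txt',
  '//tmp/outside.txt',
  'package/../../outside.txt',
  'C:\\temp\\outside.txt',
];

console.log(auditEntries(SAMPLE_ENTRIES));
```

Run the check over the archive listing before any file is written, and refuse the whole archive if anything is rejected rather than extracting the remainder.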

Affected Products

The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2


System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.

CVE References