CVE-2018-20834
Published: Apr 30, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. The plain file's content replaces the existing file's content. A patch has been applied to node-tar v2.2.2.
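An added example (not code from node-tar or from this advisory): a pre-extraction audit in JavaScript that reads the headers of an uncompressed ustar buffer and reports any regular-file entry whose path repeats an earlier hardlink entry, which is the ordering described above. The function names, sample paths and sample archive are constructed for illustration; pax/GNU long-name records are not handled and header checksums are not verified.

```javascript
// Added example: audit an uncompressed ustar buffer before extraction.
// Assumptions: no pax/GNU long-name records; header checksums are not verified.
const BLOCK = 512;

// Read a NUL-terminated string field from a header block.
function field(hdr, off, len) {
  const raw = hdr.subarray(off, off + len);
  const end = raw.indexOf(0);
  return raw.subarray(0, end === -1 ? len : end).toString('latin1');
}

// Yield { path, type, linkpath } for each header, skipping file data blocks.
function* entries(buf) {
  for (let off = 0; off + BLOCK <= buf.length;) {
    const hdr = buf.subarray(off, off + BLOCK);
    if (hdr.every((b) => b === 0)) return; // end-of-archive marker
    const size = parseInt(field(hdr, 124, 12).trim() || '0', 8);
    const name = [field(hdr, 345, 155), field(hdr, 0, 100)].filter(Boolean).join('/');
    yield {
      path: name.replace(/^(\.\/)+/, '').replace(/\/+$/, ''),
      type: hdr[156] === 0 ? '0' : String.fromCharCode(hdr[156]), // NUL = regular file
      linkpath: field(hdr, 157, 100),
    };
    off += BLOCK + Math.ceil(size / BLOCK) * BLOCK; // header + padded data
  }
}

// Report regular-file entries whose path repeats an earlier hardlink entry.
function findLinkThenFile(buf) {
  const links = new Map(), findings = [];
  for (const e of entries(buf)) {
    if (e.type === '1') links.set(e.path, e.linkpath);
    else if (e.type === '0' && links.has(e.path))
      findings.push({ path: e.path, linkpath: links.get(e.path) });
  }
  return findings;
}

// Constructed sample headers for the scanner only (checksum left blank).
function header(name, type, linkname = '', size = 0) {
  const h = Buffer.alloc(BLOCK);
  h.write(name, 0, 100, 'latin1');
  h.write(size.toString(8).padStart(11, '0'), 124, 12, 'latin1');
  h.write(type, 156, 1, 'latin1');
  h.write(linkname, 157, 100, 'latin1');
  return h;
}
const sample = Buffer.concat([
  header('app/settings.txt', '1', 'constructed-target.txt'),
  header('app/settings.txt', '0', '', 5), Buffer.alloc(3 * BLOCK), // data + end marker
]);
console.log(findLinkThenFile(sample));
```

A finding means the archive should not be handed to a node-tar release earlier than 4.4.2 (other than 2.2.2).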
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://hackerone.com/reports/344595 (x_refsource_MISC)
https://github.com/npm/node-tar/compare/58a8d43...a5f7779 (x_refsource_MISC)
RHSA-2019:1821 (vendor-advisory, x_refsource_REDHAT)
https://nvd.nist.gov/vuln/detail/CVE-2018-20834 (x_refsource_MISC)
https://github.com/npm/node-tar/commits/v2.2.2 (x_refsource_MISC)