An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.
References
Link | Resource |
---|---|
https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tar/RUSTSEC-2021-0080.md | Exploit Third Party Advisory |
https://rustsec.org/advisories/RUSTSEC-2021-0080.html | Exploit Third Party Advisory |
Configurations
Information
Published : 2021-08-10 16:15
Updated : 2021-08-18 07:47
NVD link : CVE-2021-38511
Mitre link : CVE-2021-38511
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
tar_project
- tar