CVE-2021-32804 – Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
https://notcve.org/view.php?id=CVE-2021-32804
The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the `preservePaths` flag is not set to `true`. This is achieved by stripping the absolute path root from any absolute file paths contained in a tar file. For example `/home/user/.bashrc` would turn into `home/user/.bashrc`. This logic was insufficient when file paths contained repeated path roots such as `////home/user/.bashrc`. `node-tar` would only strip a single path root from such paths. • https://github.com/yamory/CVE-2021-32804 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4 https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9 https://www.npmjs.com/advisories/1770 https://www.npmjs.com/package/tar https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2021-32804 https://bugzilla.redhat.com/show_bug.cgi?id=1990409 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-32803 – Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
https://notcve.org/view.php?id=CVE-2021-32803
The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary `stat` calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20 https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw https://www.npmjs.com/advisories/1771 https://www.npmjs.com/package/tar https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2021-32803 https://bugzilla.redhat.com/show_bug.cgi?id=1990415 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-2388 – OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)
https://notcve.org/view.php?id=CVE-2021-2388
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. • https://lists.debian.org/debian-lts-announce/2021/08/msg00011.html https://security.gentoo.org/glsa/202209-05 https://security.netapp.com/advisory/ntap-20210723-0002 https://www.debian.org/security/2021/dsa-4946 https://www.oracle.com/security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2021-2388 https://bugzilla.redhat.com/show_bug.cgi?id=1983075 • CWE-697: Incorrect Comparison •
CVE-2021-2341 – OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
https://notcve.org/view.php?id=CVE-2021-2341
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. • https://lists.debian.org/debian-lts-announce/2021/08/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TTUHVQF2MGUTP6GTCXLZS4GXK3XUWC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N57OFX5EJKHHDW4WAOBZFWA5CL4VIIK5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJJ75FHSUZGWPV4UJTSMQHWLOQ77LHTG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTRQIXB52KIXUAO6JBYUKYWX • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-2369 – OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
https://notcve.org/view.php?id=CVE-2021-2369
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. • https://bugzilla.redhat.com/show_bug.cgi?id=1982879 https://lists.debian.org/debian-lts-announce/2021/08/msg00011.html https://security.gentoo.org/glsa/202209-05 https://security.netapp.com/advisory/ntap-20210723-0002 https://www.debian.org/security/2021/dsa-4946 https://www.oracle.com/security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2021-2369 • CWE-347: Improper Verification of Cryptographic Signature •