CVE-2021-32803 – Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
https://notcve.org/view.php?id=CVE-2021-32803
The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary `stat` calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20 https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw https://www.npmjs.com/advisories/1771 https://www.npmjs.com/package/tar https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2021-32803 https://bugzilla.redhat.com/show_bug.cgi?id=1990415 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-21349 – A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
https://notcve.org/view.php?id=CVE-2021-21349
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. • https://github.com/s-index/CVE-2021-21349 http://x-stream.github.io/changes.html#1.4.16 https://github.com/x-stream/xstream/security/advisories/GHSA-f6hm-88x3-mfjv https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd%40%3Cusers.activemq.apache.org%3E https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0%40%3Cdev.jmeter.apache.org%3E https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html https://lists.fedoraproject.org/archives • CWE-502: Deserialization of Untrusted Data CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2021-27290 – nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode
https://notcve.org/view.php?id=CVE-2021-27290
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. A flaw was found in the ssri package. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://doyensec.com/resources/Doyensec_Advisory_ssri_redos.pdf https://github.com/yetingli/SaveResults/blob/main/pdf/ssri-redos.pdf https://npmjs.com https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2021-27290 https://bugzilla.redhat.com/show_bug.cgi?id=1941471 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2019-16775 – Unauthorized File Access in npm CLI before version 6.13.3
https://notcve.org/view.php?id=CVE-2019-16775
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html https://access.redhat.com/errata/RHEA-2020:0330 https://access.redhat.com/errata/RHSA-2020:0573 https://access.redhat.com/errata/RHSA-2020:0579 https://access.redhat.com/errata/RHSA-2020:0597 https://access.redhat.com/errata/RHSA-2020:0602 https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx https://lists.fedoraproject • CWE-20: Improper Input Validation CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. • https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219 https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba0911 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •