August 4, 2021
Severity
High
Analysis Summary
CVE-2021-32804
The Node.js tar module could allow a local attacker to traverse directories on the system because of insufficient absolute path sanitization. An attacker could use a specially crafted tar file containing “dot dot” sequences (/../) to create or overwrite arbitrary files on the system.
CVE-2021-32803
The Node.js tar module could allow a local attacker to traverse directories on the system because of insufficient symlink protection. An attacker could use a specially crafted tar file containing “dot dot” sequences (/../) to create or overwrite arbitrary files on the system.
Impact
- Code Execution
- Credential Theft
Affected Vendors
Node.js
Affected Products
- Node.js tar 3.2.0
- Node.js tar 4.4.0
- Node.js tar 5.0.0
- Node.js tar 6.1.0
Remediation
Upgrade to the latest version available on the npm website.
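As a defence-in-depth check alongside the upgrade, archive entry metadata can be audited before anything is written to disk. The following is an added example, not code from the advisory or from the tar module: it flags the two conditions described under Analysis Summary (absolute or "dot dot" paths, and writes that pass through a symlink declared earlier in the same archive). The entry shape `{ path, type, linkpath }` and the function names are assumptions made for illustration.

```javascript
// Added example: audit tar entry metadata before extraction (writes nothing).
// The entry shape { path, type, linkpath } is hypothetical, not the tar module's API.

// Split an archive path into segments; return null when it is absolute
// or contains any ".." segment (strict policy: never normalize "..").
function safeSegments(entryPath) {
  if (entryPath.startsWith('/') || /^[A-Za-z]:[\\/]/.test(entryPath)) return null;
  const out = [];
  for (const seg of entryPath.split(/[\\/]+/)) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') return null;
    out.push(seg);
  }
  return out;
}

// Return { path, reason } findings for entries that must not be extracted.
function auditEntries(entries) {
  const symlinks = new Set(); // paths declared as symlinks earlier in the archive
  const findings = [];
  for (const e of entries) {
    const segs = safeSegments(e.path);
    if (segs === null) {
      findings.push({ path: e.path, reason: 'absolute-or-dotdot' });
      continue;
    }
    // A parent directory that is an archive-supplied symlink redirects the write.
    let viaLink = false;
    for (let i = 1; i < segs.length; i++) {
      if (symlinks.has(segs.slice(0, i).join('/'))) viaLink = true;
    }
    if (viaLink) {
      findings.push({ path: e.path, reason: 'through-symlink' });
      continue;
    }
    if (e.type === 'SymbolicLink') symlinks.add(segs.join('/'));
  }
  return findings;
}

// Constructed sample entries for illustration.
const SAMPLE = [
  { path: 'pkg/index.js', type: 'File' },
  { path: '/tmp/abs.txt', type: 'File' },
  { path: 'pkg/../../outside.txt', type: 'File' },
  { path: 'pkg/cache', type: 'SymbolicLink', linkpath: '/tmp' },
  { path: 'pkg/cache/file.txt', type: 'File' },
];
console.log(auditEntries(SAMPLE));
```

An archive that produces any finding should be rejected as a whole rather than partially extracted.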