Severity
6.5
Medium severity
Details
- CVSS score: 6.5
- CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
- CWE ID
Overview
About vulnerability
node-tar is a tar implementation for Node.js. Versions of node-tar prior to 6.2.1 place no limit on the number of sub-folders created during the folder creation process. An attacker who supplies a path containing a very large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within a few seconds of extraction starting. Version 6.2.1 fixes this issue by preventing extraction into excessively deep sub-folders.
Details
- Affected product: Acorn, AlmaLinux 9.2 ESU, Alpine Linux 3.22, Angular, CentOS 8.4 ELS, CentOS 8.5 ELS, CentOS Stream 8 ELS, Debian 10, Debian 11, Debian 12, Debian 13, EL 10, EL 7, EL 8, EL 9, TuxCare 9.6 ESU, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04, jpm, protractor, request, sign-addon, tar, tough-cookie, webdriver-manager
- Affected packages: @angular/cli @ 1.7.4 (+93 more)
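
The overview identifies unbounded sub-folder depth as the resource-exhaustion vector. As an added example (not node-tar's code and not part of the advisory), the sketch below reads only the tar headers to find the deepest entry path, so an archive can be rejected before it reaches an extractor that has not yet been updated to 6.2.1. The names `maxTarDepth`, `paxPath`, `withinLimit` and `sampleTar` are hypothetical, and the limit of 64 is an assumed policy value.

```javascript
const BLOCK = 512, MAX_DEPTH = 64; // MAX_DEPTH is an assumed policy limit
// Read a NUL-terminated field; latin1 keeps one char per byte, so '/' counts stay exact.
const str = (b, off, len) => b.toString('latin1', off, off + len).split('\0')[0];
// pax bodies are "<len> key=value\n" records; len is the byte length of the whole record.
function paxPath(body) {
  let path, s = body.toString('latin1');
  for (let m; (m = /^(\d+) /.exec(s)) && +m[1] > m[0].length; s = s.slice(+m[1])) {
    const rec = s.slice(m[0].length, +m[1] - 1);
    if (rec.startsWith('path=')) path = rec.slice(5);
  }
  return path;
}
// Deepest entry path in the archive, read from headers only; nothing is written to disk.
function maxTarDepth(tar) {
  let deepest = 0, longName;
  for (let off = 0; off + BLOCK <= tar.length;) {
    const h = tar.subarray(off, off + BLOCK);
    if (h.every((b) => b === 0)) break; // end-of-archive block
    const size = Math.max(0, parseInt(str(h, 124, 12), 8) || 0);
    const type = String.fromCharCode(h[156]), body = tar.subarray(off + BLOCK, off + BLOCK + size);
    if (type === 'L') longName = str(body, 0, size); // GNU long-name entry
    else if (type === 'x') longName = paxPath(body) ?? longName; // pax extended header
    else if (type !== 'K' && type !== 'g') {
      const prefix = str(h, 257, 6) === 'ustar' ? str(h, 345, 155) : '';
      const name = longName ?? (prefix ? prefix + '/' : '') + str(h, 0, 100);
      deepest = Math.max(deepest, name.split('/').filter((s) => s && s !== '.').length);
      longName = undefined;
    }
    off += BLOCK + Math.ceil(size / BLOCK) * BLOCK;
  }
  return deepest;
}
const withinLimit = (tar) => maxTarDepth(tar) <= MAX_DEPTH;

// Constructed sample: a pax header with a path `levels` folders deep, then its file entry.
function sampleTar(levels) {
  const rec = ` path=${'a/'.repeat(levels)}f\n`;
  let len = rec.length + 1;
  while (String(len).length + rec.length !== len) len++;
  const out = Buffer.alloc(BLOCK * (4 + Math.ceil(len / BLOCK))); // zero-filled
  const hdr = (off, type, size) => { // checksum left blank: this sketch does not verify it
    out.write(size.toString(8).padStart(11, '0'), off + 124);
    out.write(type, off + 156); out.write('ustar', off + 257);
  };
  hdr(0, 'x', len); out.write(len + rec, BLOCK);
  hdr(BLOCK * (1 + Math.ceil(len / BLOCK)), '0', 0);
  return out;
}
console.log(maxTarDepth(sampleTar(3)), withinLimit(sampleTar(3)), withinLimit(sampleTar(5000)));
```

The sketch does not verify header checksums or decode base-256 size fields, so an archive that uses either should be rejected rather than trusted on the strength of this check.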