Control: tags -1 + confirmed On Wed, 2021-08-11 at 22:35 +0200, Yadd wrote: > node-tar is vulnerable to 2 CVE: > * #992110, CVE-2021-32803: arbitrary File Creation/Overwrite > vulnerability via insufficient symlink protection > * #992111, CVE-2021-32804: arbitrary File Creation/Overwrite > vulnerability due to insufficient absolute path sanitization >
Please go ahead; sorry for the delivery. Regards, Adam
