Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/tar@6.1.9
Typenpm
Namespace
Nametar
Version6.1.9
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version6.2.1
Latest_non_vulnerable_version7.5.11
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-99ay-1qy7-83ff
vulnerability_id VCID-99ay-1qy7-83ff
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The npm package "tar" (aka node-tar) has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created.
references
0
reference_url https://www.npmjs.com/package/tar
reference_id
reference_type
scores
url https://www.npmjs.com/package/tar
1
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuoct2021.html
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37712
reference_id CVE-2021-37712
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-37712
3
reference_url https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
reference_id GHSA-qq89-hq3f-393p
reference_type
scores
url https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
fixed_packages
0
url pkg:npm/tar@4.4.18
purl pkg:npm/tar@4.4.18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tar@4.4.18
1
url pkg:npm/tar@5.0.10
purl pkg:npm/tar@5.0.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tar@5.0.10
2
url pkg:npm/tar@6.1.9
purl pkg:npm/tar@6.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tar@6.1.9
aliases CVE-2021-37712, GHSA-qq89-hq3f-393p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-99ay-1qy7-83ff
1
url VCID-k4vc-34un-bka6
vulnerability_id VCID-k4vc-34un-bka6
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The npm package "tar" (aka node-tar) has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37713
reference_id CVE-2021-37713
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-37713
1
reference_url https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
reference_id GHSA-5955-9wpr-37jh
reference_type
scores
url https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
fixed_packages
0
url pkg:npm/tar@4.4.18
purl pkg:npm/tar@4.4.18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tar@4.4.18
1
url pkg:npm/tar@5.0.10
purl pkg:npm/tar@5.0.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tar@5.0.10
2
url pkg:npm/tar@6.1.9
purl pkg:npm/tar@6.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tar@6.1.9
aliases CVE-2021-37713, GHSA-5955-9wpr-37jh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k4vc-34un-bka6
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/tar@6.1.9