This can lead to extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite.Īdditionally, a similar confusion could arise on case-insensitive filesystems. However, \ is a valid filename character on posix systems.īy first creating a directory, and then replacing that directory with a symlink, it is possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location. The cache checking logic used both \ and / characters as path separators.
SYMLINKER NOT WORKING LOGIC ARCHIVE
This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory, where the symlink and directory names in the archive entry used backslashes as a path separator on posix systems. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created.
This is, in part, achieved by ensuring that extracted directories are not symlinks. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted.
Affected versions of this package are vulnerable to Arbitrary File Write.
0 kommentar(er)
