In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| archive::tar_project | archive::tar | * |
| netapp | oncommand_workflow_automation | - |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 17.10 |
| netapp | snap_creator_framework | - |
| netapp | data_ontap_edge | - |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 14.04 |
| netapp | snapdrive | - |
| canonical | ubuntu_linux | 16.04 |
| debian | debian_linux | 9.0 |
| apple | mac_os_x | * |
| debian | debian_linux | 8.0 |
| perl | perl | * |