MidnightBSD

Advisories for archive::tar_project

CVE-2018-12015 MEDIUM

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
archive::tar_project archive::tar *
netapp oncommand_workflow_automation -
canonical ubuntu_linux 12.04
canonical ubuntu_linux 17.10
netapp snap_creator_framework -
netapp data_ontap_edge -
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
netapp snapdrive -
canonical ubuntu_linux 16.04
debian debian_linux 9.0
apple mac_os_x *
debian debian_linux 8.0
perl perl *