{"source":1096376,"name":"tar","dependency":"tar","title":"Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links","url":"https://github.com/advisories/GHSA-9r2w-394v-53qc","severity":"high","versions":["0.0.1","0.1.0","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.1.8","0.1.9","0.1.10","0.1.11","0.1.12","0.1.13","0.1.14","0.1.15","0.1.16","0.1.17","0.1.18","0.1.19","0.1.20","1.0.0","1.0.1","1.0.2","1.0.3","2.0.0","2.0.1","2.1.0","2.1.1","2.2.0","2.2.1","2.2.2","3.0.0","3.0.1","3.1.0","3.1.1","3.1.2","3.1.3","3.1.4","3.1.5","3.1.6","3.1.7","3.1.8","3.1.9","3.1.10","3.1.11","3.1.12","3.1.13","3.1.14","3.1.15","3.2.0","3.2.1","3.2.2","3.2.3","4.0.0","4.0.1","4.0.2","4.1.0","4.1.1","4.1.2","4.2.0","4.3.0","4.3.1","4.3.2","4.3.3","4.4.0","4.4.1","4.4.2","4.4.3","4.4.4","4.4.5","4.4.6","4.4.7","4.4.8","4.4.9","4.4.10","4.4.11","4.4.12","4.4.13","4.4.14","4.4.15","4.4.16","4.4.17","4.4.18","4.4.19","5.0.0","5.0.1","5.0.2","5.0.4","5.0.5","5.0.6","5.0.7","5.0.8","5.0.9","5.0.10","5.0.11","6.0.0","6.0.1","6.0.2","6.0.3","6.0.4","6.0.5","6.1.0","6.1.1","6.1.2","6.1.3","6.1.4","6.1.5","6.1.6","6.1.7","6.1.8","6.1.9","6.1.10","6.1.11","6.1.12","6.1.13","6.1.14","6.1.15","6.2.0","6.2.1","7.0.0","7.0.1","7.1.0","7.2.0","7.3.0","7.4.0","7.4.1","7.4.2","7.4.3"],"vulnerableVersions":["3.0.0","3.0.1","3.1.0","3.1.1","3.1.2","3.1.3","3.1.4","3.1.5","3.1.6","3.1.7","3.1.8","3.1.9","3.1.10","3.1.11","3.1.12","3.1.13","3.1.14","3.1.15","3.2.0","3.2.1","3.2.2","3.2.3","4.0.0","4.0.1","4.0.2","4.1.0","4.1.1","4.1.2","4.2.0","4.3.0","4.3.1","4.3.2","4.3.3","4.4.0","4.4.1","4.4.2","4.4.3","4.4.4","4.4.5","4.4.6","4.4.7","4.4.8","4.4.9","4.4.10","4.4.11","4.4.12","4.4.13","4.4.14","4.4.15"],"cwe":["CWE-22","CWE-59"],"cvss":{"score":8.2,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},"range":">=3.0.0 <4.4.16","id":"iGhlXBo2C3GMEobrnZHsFcxuxtbg18pXs9NteE9NJvkfx7BhWZRecOSrjiP6t94a4eI554NNWm941yt9UNH5og=="}