High severityNVD Advisory· Published Aug 10, 2021· Updated Aug 4, 2024
CVE-2021-38511
CVE-2021-38511
Description
An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tarcrates.io | < 0.4.36 | 0.4.36 |
Affected products
2- Rust/tar cratedescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-62jx-8vmh-4mcwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-38511ghsaADVISORY
- github.com/alexcrichton/tar-rs/issues/238ghsaWEB
- github.com/alexcrichton/tar-rs/pull/259ghsaWEB
- raw.githubusercontent.com/rustsec/advisory-db/main/crates/tar/RUSTSEC-2021-0080.mdghsax_refsource_MISCWEB
- rustsec.org/advisories/RUSTSEC-2021-0080.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.