### [CVE-2018-20835](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20835)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/Demo-Proj-Org/Code-Scan-Repo-Js
- https://github.com/Executor986/codescanningdemo
- https://github.com/Gitleaks-repo/Gitleaks2
- https://github.com/HitenBorse/MyRepository
- https://github.com/JS00571119/Zipslip
- https://github.com/Mariselvam-T/code-scanning-javascript-demo_Local
- https://github.com/NightHack36/code-scaning-java
- https://github.com/Repository-with-Findings/2-Gitleaks
- https://github.com/Rutik1333/demo
- https://github.com/SatiricFX/code-scanning-javascript-demo
- https://github.com/aglenn-circle/code-scan-test
- https://github.com/dbroadhurst-zoic/code-scanning-javascript-demo
- https://github.com/driveit/devtest
- https://github.com/driveittech16/demo-test
- https://github.com/driveittech16/demo2
- https://github.com/ghas-bootcamp-2024-05-07-cloudlabs991/ghas-bootcamp-javascript
- https://github.com/github-devtools-2022/code-scanning-javascript-demo
- https://github.com/github/code-scanning-javascript-demo
- https://github.com/matthieugi/code-scanning-javascript-demo
- https://github.com/octodemo/NP-Test
- https://github.com/octodemo/code-scanning-javascript-demo
- https://github.com/ossf-cve-benchmark/CVE-2018-20835
- https://github.com/paromitaroy/ghas-test
- https://github.com/pholleran/security-demo
- https://github.com/ridezum/code-scanning
- https://github.com/rohitnb-sandbox/03-ghas-demo-zipslip
- https://github.com/rohitnb/code-scanning-pr-scan
- https://github.com/wviriya/code-scanning-javascript-demo-configured
- https://github.com/yanivpaz/yanivpaz-https-github.com-yanivpaz-ghas-bootcamp-javascript-no-sbom