cve/2018/CVE-2018-20835.md

CVE-2018-20835

Description

A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content.

POC

Reference

No PoCs from references.

Github

• https://github.com/Demo-Proj-Org/Code-Scan-Repo-Js
• https://github.com/Executor986/codescanningdemo
• https://github.com/Gitleaks-repo/Gitleaks2
• https://github.com/HitenBorse/MyRepository
• https://github.com/JS00571119/Zipslip
• https://github.com/Mariselvam-T/code-scanning-javascript-demo_Local
• https://github.com/NightHack36/code-scaning-java
• https://github.com/Repository-with-Findings/2-Gitleaks
• https://github.com/Rutik1333/demo
• https://github.com/SatiricFX/code-scanning-javascript-demo
• https://github.com/aglenn-circle/code-scan-test
• https://github.com/dbroadhurst-zoic/code-scanning-javascript-demo
• https://github.com/driveit/devtest
• https://github.com/driveittech16/demo-test
• https://github.com/driveittech16/demo2
• https://github.com/ghas-bootcamp-2024-05-07-cloudlabs991/ghas-bootcamp-javascript
• https://github.com/github-devtools-2022/code-scanning-javascript-demo
• https://github.com/github/code-scanning-javascript-demo
• https://github.com/matthieugi/code-scanning-javascript-demo
• https://github.com/octodemo/NP-Test
• https://github.com/octodemo/code-scanning-javascript-demo
• https://github.com/ossf-cve-benchmark/CVE-2018-20835
• https://github.com/paromitaroy/ghas-test
• https://github.com/pholleran/security-demo
• https://github.com/ridezum/code-scanning
• https://github.com/rohitnb-sandbox/03-ghas-demo-zipslip
• https://github.com/rohitnb/code-scanning-pr-scan
• https://github.com/wviriya/code-scanning-javascript-demo-configured
• https://github.com/yanivpaz/yanivpaz-https-github.com-yanivpaz-ghas-bootcamp-javascript-no-sbom