cve/CVE-2024-28863.md at 93476d6c370e261fdc1b2b03a08066de45e4892d

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00

0xMarcio 1fb02038e8 Update CVE sources 2025-09-29 16:08

2025-09-29 16:08:36 +00:00

Description

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.

POC

Reference

https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36

Github

https://github.com/NaInSec/CVE-LIST
https://github.com/cfvalenzuela-vidal/safenotes
https://github.com/efrei-ADDA84/20200689
https://github.com/lucasarasa/exec-docker-abr-2025
https://github.com/vbelouso/morpheus-gsheet-parser

1.3 KiB Raw Blame History

CVE-2024-28863

Description

POC

Reference

Github

1.3 KiB

Raw Blame History