CVE-2015-8860

HIGH7.5EPSS 0.37%

Symlink Arbitrary File Overwrite in tar

Published: 10/24/2017Modified: 4/28/2026

Description

The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.

Affected packages (2)

CVSS scores

SourceVersionSeverityVector
osvCVSS 3.1HIGH7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References (7)