Moole Vulnerability Database

Find real vulnerabilities before they ship

High

CVE-2021-38511

An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.

VectorNETWORK

PublishedAug 10, 2021, 23:15

Published Bycve@mitre.org

Base Score

Score7.5

Affected Versions

Package (Ecosystem)IntroducedFixedLimit

tar(crates.io)00.4.36N/A

References

https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tar/RUSTSEC-2021-0080.md
https://rustsec.org/advisories/RUSTSEC-2021-0080.html

Weakness Type

CWE-59

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Base SeverityHigh

Version

3.1

Attack Vector (AV)

NETWORK