Fueled / django-init

Project template used at Fueled for scaffolding new Django based projects. :dizzy:

Upgrade tar to 4.4.2 or later #350

Closed CuriousLearner closed 5 years ago

CuriousLearner commented 5 years ago

CVE-2018-20834
Vulnerable versions: < 4.4.2
Patched version: 4.4.2

A vulnerability was found in node-tar before version 4.4.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content.
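
An added example, not part of the original issue or the django-init code: a check over a parsed package-lock.json that reports every copy of tar below the 4.4.2 threshold given in the issue, including copies pulled in transitively. The function names and the sample lockfile are constructed for illustration.

```javascript
// Threshold taken from the issue above: versions < 4.4.2 are flagged.
const PATCHED = [4, 4, 2];

// Compare "x.y.z" against PATCHED; prerelease/build suffixes are ignored.
function isVulnerable(version) {
  const parts = String(version).split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (parts[i] || 0) - PATCHED[i];
    if (d !== 0) return d < 0;
  }
  return false; // exactly 4.4.2
}

// Returns [{ path, version }] for every flagged copy of "tar" in the lockfile.
function findVulnerableTar(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by node_modules path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/tar$/.test(path) && isVulnerable(meta.version)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits; // v2 also mirrors the tree in "dependencies"; skip it
  }
  // lockfileVersion 1: nested "dependencies" trees.
  (function walk(deps, trail) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === 'tar' && isVulnerable(meta.version)) {
        hits.push({ path: here.join(' > '), version: meta.version });
      }
      walk(meta.dependencies, here);
    }
  })(lock.dependencies, []);
  return hits;
}

// Constructed sample in lockfileVersion 1 shape (not django-init's lockfile).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    tar: { version: '4.4.8' },
    fsevents: { version: '1.2.4', dependencies: { tar: { version: '4.4.1' } } },
  },
};
console.log(findVulnerableTar(sampleLock));
```

A flagged nested path shows which parent package has to be upgraded before the lockfile can resolve to a patched tar.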

theskumar commented 5 years ago

Working on it.

CuriousLearner commented 5 years ago

Awesome!