Vulnerability BDU:2022-03042: Information
Description
Уязвимость модуля Node-tar библиотеки Node.js, позволяющая нарушителю записывать произвольные файлы или выполнить произвольный код
Severity: HIGH (7.4) Vector: AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Published: Aug. 31, 2021
Modified: Aug. 31, 2021
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
node | sisyphus | 14.18.0-alt1 | 20.13.1-alt1 | ALT-PU-2021-2920-1 | 286074 | Fixed |
node | p10 | 14.18.2-alt1 | 16.19.1-alt1 | ALT-PU-2021-3615-1 | 292248 | Fixed |
node | c10f1 | 14.18.2-alt1 | 16.19.1-alt1 | ALT-PU-2021-3615-1 | 292248 | Fixed |
node | c9f2 | 16.17.1-alt0.c9.1 | 16.19.1-alt0.c9.1 | ALT-PU-2022-3073-1 | 303505 | Fixed |
node | p11 | 14.18.0-alt1 | 20.13.1-alt1 | ALT-PU-2021-2920-1 | 286074 | Fixed |
npm | p10 | 6.14.16-alt1 | 8.19.3-alt1 | ALT-PU-2022-1798-1 | 298947 | Fixed |
npm | c10f1 | 6.14.16-alt1 | 8.19.3-alt1 | ALT-PU-2022-1798-1 | 298947 | Fixed |
npm | c9f2 | 8.15.0-alt0.c9.1 | 8.19.3-alt1 | ALT-PU-2022-3069-1 | 303505 | Fixed |
References to Advisories, Solutions, and Tools
Vulnerability Status | Подтверждена производителем |
Presence of an exploit | Данные уточняются |
Fix status | Уязвимость устранена |
Software Type | Сетевое программное средство, Прикладное ПО информационных систем, Сетевое средство, Программное средство АСУ ТП |
Solution | Использование рекомендаций: Для Node-tar: https://www.npmjs.com/package/tar https://github.com/npm/node-tar/tags https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh Для программных продуктов IBM: https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-node-js-cve-2021-37713/ Для программных продуктов Oracle Corp.: https://www.oracle.com/security-alerts/cpuoct2021.html Для SINEC INS: https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf |
Sources | https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh https://www.npmjs.com/package/tar https://www.oracle.com/security-alerts/cpuoct2021.html https://nvd.nist.gov/vuln/detail/CVE-2021-37713 https://access.redhat.com/security/cve/cve-2021-37713 https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-node-js-cve-2021-37713/ |
Other system identifiers |