Download
| Alert*
[3.4] tar: extract pathname bypass (CVE-2016-6321)
GNU `tar" archiver attempts to avoid path traversal attacks by removing offending parts of the element name at extract. This sanitizing leads to a vulnerability where the attacker can bypass the path name specified on the command line. Affected versions: tar 1.14 to 1.29
|