Remediate High Tar vulnerability #655

Open
Lilalamar opened this issue Dec 17, 2019 · 0 comments
Labels
security Ticket concerns platform security

Snyk reports the following High severity vulnerability in HumanCellAtlas/ingest-file-archiver. Please remediate by the end of Q1 Milestone 1.

Description

tar

Suggested Remediation

Upgrade tar to version 2.2.2, 4.4.2 or higher.

Details

Affected versions of this package are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hard-link to a file that already exists in the system, and a file that matches the hard-link, may overwrite the system's files with the contents of the extracted file.

@Lilalamar Lilalamar added the security Ticket concerns platform security label Dec 17, 2019
@Lilalamar Lilalamar added this to the Q1 2020 Milestone 1 milestone Dec 17, 2019
@MightyAx MightyAx removed their assignment Dec 20, 2019
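
A remediation check for the upgrade advice in this issue, added here as an example and not code from the ingest-file-archiver repository or from Snyk: it walks an npm lockfile and reports every pinned `tar` copy older than the fixed releases, including copies nested under other dependencies. It assumes `tar` is the npm package and reads "2.2.2, 4.4.2 or higher" as 2.2.2 fixing the 2.x line and 4.4.2 fixing everything later; `findVulnerableTar`, `isFixedTar` and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag pre-fix `tar` versions pinned in an npm lockfile.
// Assumption: 2.2.2 fixes the 2.x line, 4.4.2 or higher fixes later majors.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

function atLeast(v, min) {
  for (let i = 0; i < 3; i++) {
    if (v[i] !== min[i]) return v[i] > min[i];
  }
  return true; // all three components equal
}

function isFixedTar(version) {
  const v = parseVersion(version);
  if (!v) return false; // unparseable version: report it for manual review
  return v[0] <= 2 ? atLeast(v, [2, 2, 2]) : atLeast(v, [4, 4, 2]);
}

function findVulnerableTar(lock) {
  const hits = [];
  if (lock.packages) {
    // Lockfile v2/v3: flat map keyed by install path.
    for (const [key, info] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/tar$/.test(key) && !isFixedTar(info.version)) {
        hits.push({ path: key, version: info.version });
      }
    }
    return hits;
  }
  // Lockfile v1: nested "dependencies" trees, so transitive copies are reached.
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail.concat(name);
      if (name === 'tar' && !isFixedTar(info.version)) {
        hits.push({ path: path.join(' > '), version: info.version });
      }
      walk(info.dependencies, path);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (not taken from the repository in the issue).
const sampleLock = { dependencies: {
  tar: { version: '4.4.13' },
  'node-gyp': { version: '3.8.0', dependencies: { tar: { version: '2.2.1' } } },
  fsevents: { version: '1.2.4', dependencies: { tar: { version: '4.4.1' } } },
} };
console.log(findVulnerableTar(sampleLock));
```

A copy of `tar` pulled in by another package is only fixed by upgrading or overriding that parent, so the reported path matters as much as the version.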