Description
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
Remediation
References
Related Vulnerabilities
PostgreSQL CVE-2021-32029 Vulnerability (CVE-2021-32029)
WebLogic CVE-2022-21557 Vulnerability (CVE-2022-21557)
WordPress Plugin Art-Picture-Gallery Arbitrary File Upload (1.2.9)
Oracle Database Server CVE-2011-0881 Vulnerability (CVE-2011-0881)
Varnish Cache Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0345)