What is CVE-2021-37713?

CVE-2021-37713 is a high-severity vulnerability in Npm Node-tar, classified under Path Traversal. CVSS score: 8.2/10. Published 2021-08-31.

How severe is CVE-2021-37713?

High severity. CVSS v3 base score is 8.2 out of 10.

Is CVE-2021-37713 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Npm Node-tar

CVE-2021-37713

The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.003 (55.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N.

Affected products

Npm Node-tar — versions < 4.4.18, >= 5.0.0, < 5.0.10, >= 6.0.0, < 6.1.9

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

seal-community/patches

References

www.npmjs.com/package/tar (x_refsource_MISC)
github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh (x_refsource_CONFIRM)
www.oracle.com/security-alerts/cpuoct2021.html (x_refsource_MISC)
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-37713?: CVE-2021-37713 is a high-severity vulnerability in Npm Node-tar, classified under Path Traversal. CVSS score: 8.2/10. Published 2021-08-31.
How severe is CVE-2021-37713?: High severity. CVSS v3 base score is 8.2 out of 10.
Is CVE-2021-37713 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.