

CVE-2018-20835

Description

A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. The content of this plain file replaces the content of the existing file.

POC

Reference

No PoCs from references.

Github

- https://github.com/Demo-Proj-Org/Code-Scan-Repo-Js

- https://github.com/Executor986/codescanningdemo

- https://github.com/GSaraySWO/ghas-bootcamp-javascript

- https://github.com/Gitleaks-repo/Gitleaks2

- https://github.com/HitenBorse/MyRepository

- https://github.com/JS00571119/Zipslip

- https://github.com/Mariselvam-T/code-scanning-javascript-demo_Local

- https://github.com/NightHack36/code-scaning-java

- https://github.com/Organizacion-GHAS-bootcamp/ghas-bootcamp-javascript

- https://github.com/Repository-with-Findings/2-Gitleaks

- https://github.com/Rutik1333/demo

- https://github.com/SatiricFX/code-scanning-javascript-demo

- https://github.com/aglenn-circle/code-scan-test

- https://github.com/dbroadhurst-zoic/code-scanning-javascript-demo

- https://github.com/driveit/devtest

- https://github.com/driveittech16/demo-test

- https://github.com/driveittech16/demo2

- https://github.com/ghas-bootcamp-2024-05-07-cloudlabs991/ghas-bootcamp-javascript

- https://github.com/ghas-bootcamp-2024-06-06-cloudlabs999/ghas-bootcamp-javascript

- https://github.com/ghas-bootcamp-2024-06-24-cloudlabs999/ghas-bootcamp-javascript

- https://github.com/ghas-bootcamp-2024-08-02-cloudlabs991/ghas-bootcamp-javascript

- https://github.com/ghas-bootcamp-2024-08-12-cloudlabs1405/ghas-bootcamp-javascript

- https://github.com/ghas-bootcamp-2024-08-19-cloudlabs1403/ghas-bootcamp-javascript

- https://github.com/ghas-bootcamp-2024-08-23-cloudlabs1404/ghas-bootcamp-javascript

- https://github.com/ghas-bootcamp-2024-08-28-cloudlabs1401/ghas-bootcamp-javascript

- https://github.com/ghas-bootcamp-2024-08-29-cloudlabs1402/ghas-bootcamp-javascript

- https://github.com/github-devtools-2022/code-scanning-javascript-demo

- https://github.com/github/code-scanning-javascript-demo

- https://github.com/matthieugi/code-scanning-javascript-demo

- https://github.com/muraliv21/code-scanning-pr-scan

- https://github.com/octodemo/NP-Test

- https://github.com/octodemo/code-scanning-javascript-demo

- https://github.com/ossf-cve-benchmark/CVE-2018-20835

- https://github.com/paromitaroy/ghas-test

- https://github.com/pholleran/security-demo

- https://github.com/ridezum/code-scanning

- https://github.com/rohitnb-sandbox/03-ghas-demo-zipslip

- https://github.com/rohitnb/code-scanning-pr-scan

- https://github.com/wviriya/code-scanning-javascript-demo-configured

- https://github.com/yanivpaz/yanivpaz-https-github.com-yanivpaz-ghas-bootcamp-javascript-no-sbom