Tag
symlink-attack
Safeguard articles tagged "symlink-attack" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Open Source Security
node-tar Arbitrary File Write via Symlink Extraction (CVE...
CVE-2021-32803 allows crafted symlinks in tar archives to make node-tar write files outside the extraction directory via malicious npm packages.
Dec 2, 20257 min read
Vulnerability Analysis
Git Clone RCE via Symlink Race on Case-Insensitive Filesy...
A patched Git flaw let attackers achieve remote code execution during clone via a symlink race on case-insensitive filesystems. Here's what teams need to know.
Nov 27, 20258 min read