CVE-2024-28863
CVE Information
CVE ID
CVE-2024-28863
Severity
MEDIUM
CVSS 6.5
Publish Date
2024-03-21
Description
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.
Collection Date
2026-01-13
Impact Summary
Affected Hosts
3
Related Incidents
0
Related Alerts
0
Affected Hosts (3)
| Hostname | OS Type | Severity | Total CVEs |
|---|---|---|---|
| inbridge-42 | LINUX | CRITICAL | 142 |
| in-bridge-40 | LINUX | CRITICAL | 392 |
| inbridge-ubt-24 | LINUX | CRITICAL | 2364 |