Harry Sintonen discovered that GNU tar does not properly handle member
names containing ‘..’, thus allowing an attacker to bypass the path
names specified on the command line and replace files and directories in
the target directory.
Harry Sintonen discovered that GNU tar does not properly handle member
names containing ‘..’, thus allowing an attacker to bypass the path
names specified on the command line and replace files and directories in
the target directory.