Tardiff Project: Security Vulnerabilities
Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.
CVSS Score
3.3
EPSS Score
0.001
Published
2016-05-06
Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file.
CVSS Score
9.8
EPSS Score
0.015
Published
2016-05-06