An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive.
{
"unresolved_ranges": [
{
"source": "CPE_RANGE",
"cpes": [
"cpe:2.3:a:tar_project:tar:*:*:*:*:*:*:*:*"
],
"vendor_product": "tar_project:tar",
"extracted_events": [
{
"fixed": "0.4.16"
},
{
"fixed": "0.4.16"
}
]
}
]
}