WhisperX tag archive

#directory-permissions

This page collects WhisperX intelligence signals tagged #directory-permissions. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (2)

The Lab · 2026-05-04 05:54:06 · GitHub Issues

1. Critical Symlink Flaw in astral-tokio-tar Enables Arbitrary Directory Permission Manipulation

Two security advisories have been issued against the astral-tokio-tar Rust library, exposing vulnerabilities in version 0.6.0 that could allow attackers to manipulate directory permissions outside intended archive boundaries. The first flaw, catalogued as RUSTSEC-2026-0113, stems from the `unpack_in` API's failure to p...

#rustsec #vulnerability #symlink #tar #directory-permissions

The Lab · 2026-05-05 05:31:41 · GitHub Issues

2. Critical Symlink Vulnerability in Tokio-Tar Library Enables Arbitrary Directory Permission Manipulation

A critical security flaw in the astral-tokio-tar archive library allows maliciously crafted tar archives to modify directory permissions outside the intended extraction hierarchy. The vulnerability, catalogued as RUSTSEC-2026-0113, affects all versions through 0.6.0 and exposes systems to arbitrary permission changes o...

#vulnerability #rust #symlink #archive-security #directory-permissions