{"vulnerability": "CVE-2016-6321", "sightings": [{"uuid": "a12a06dc-6e94-4cf5-9ad8-9a57cd20c269", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-6321", "type": "published-proof-of-concept", "source": "https://t.me/FullDisclosure/216", "content": "[CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) - patch update\nhttps://goo.gl/su3rRR", "creation_timestamp": "2016-10-30T15:23:59.000000Z"}, {"uuid": "d1dbfe6f-e0ca-468f-af4e-c12054d94b8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-6321", "type": "published-proof-of-concept", "source": "https://t.me/FullDisclosure/209", "content": "[CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321)\nhttps://goo.gl/vS2moQ", "creation_timestamp": "2016-10-26T23:42:19.000000Z"}, {"uuid": "aae65092-ba8f-471c-9627-99047137bae3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-6321", "type": "seen", "source": "https://t.me/itsecalert/49", "content": "\u26a0\ufe0f GNU tar extract pathname bypass CVE-2016-6321: enables file and directory overwrite attacks against the user \nor system by using a crafted tar archive. In the worst-case scenario this vulnerability can lead to a full \nsystem compromise (remote code execution as root). (severity: \ud83d\udd37 low) Further Info: http://mcaf.ee/p46bzw\n* GNU tar maintainer didn't consider this to be an issue. as a result mitigation in upstream GNU tar appears unlikely\n#severitylow #linux", "creation_timestamp": "2016-10-28T17:43:27.000000Z"}]}