3 matches found
CVE-2025-69874
nanotar through 0.2.0 has a path traversal vulnerability in parseTar and parseTarGzip that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence...
@bloggrify/bento (>=0.9.5 <=1.0.0), @bloggrify/core (>=1.6.0 <=2.0.2) +29 more potentially affected by CVE-2025-69874 via nanotar (=0.1.1)
nanotar NPM version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on nanotar and may be impacted: - @bloggrify/bento =0.9.5, =1.6.0, =1.3.1, =1.2.2, =0.1.2, =51.0.1, =0.3.14, =9.8.3, =1.12.0-rc.5, =0.0.0, =1.1.1, =0.50.0, =0.50.0, =51.0.2 and mor...
@bloggrify/bento (>=0.9.5 <=1.0.0), @bloggrify/core (>=1.6.0 <=2.0.2) +29 more potentially affected by CVE-2025-69874 via nanotar (=0.1.1)
nanotar NPM version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on nanotar and may be impacted: - @bloggrify/bento =0.9.5, =1.6.0, =1.3.1, =1.2.2, =0.1.2, =51.0.1, =0.3.14, =9.8.3, =1.12.0-rc.5, =0.0.0, =1.1.1, =0.50.0, =0.50.0, =51.0.2 and mor...