GHSA-XX64-WWV2-HCQQ astral-tokio-tar: `unpack_in` can chmod arbitrary directories by following symlinks
Impact In versions 0.6.0 and earlier of astral-tokio-tar, the unpackin API could inadvertently modify the permissions of external i.e. non-archive directories outside of the archive. An attacker could use this to contrite a tar archive that maliciously changes directory permissions outside of its...