CVE-2026-59873
CVE-2026-59873 affects node-tar (Node.js) prior to v7.5.19. The issue arises because the library did not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction/parsing code (e.g., src/extract.ts), enabling a crafted gzip input to cause resource ex...