2 matches found
Symlink Attack
Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Symlink Attack exploitable via stripAbsolutePath, used by the Unpack class. An attacker can overwrite arbitrary files outside the intended extraction directory by including a hardlink whose linkpa...
PT-2026-23608
Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.10 Description The node-tar package contains a flaw where it can be tricked into creating a hardlink that points outside the extraction directory. This is achieved by using a drive-relative link target, such as...