Lucene search
+L

27 matches found

NVD
NVD
added 2026/07/08 4:16 p.m.11 views

CVE-2026-59875

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is...

5.3CVSS0.00291EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/07/08 3:25 p.m.6 views

CVE-2026-59871

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPathentry.path.split'/' to throw an uncaught TypeError. This issue is...

7.5CVSS5.9AI score0.00358EPSS
Exploits1
EUVD
EUVD
added 2026/07/08 3:25 p.m.5 views

EUVD-2026-42308

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPathentry.path.split'/' to throw an uncaught TypeError. This issue is...

5.3CVSS5.9AI score0.00358EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/08 3:20 p.m.30 views

CVE-2026-59875 node-tar: Uncaught Exception DoS via NUL byte in PAX path/linkpath records

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is...

5.3CVSS0.00291EPSS
Exploits0References3
OSV
OSV
added 2026/07/08 3:20 p.m.3 views

CVE-2026-59875 node-tar: Uncaught Exception DoS via NUL byte in PAX path/linkpath records

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is...

5.3CVSS6AI score0.00291EPSS
Exploits0References5
CVE
CVE
added 2026/07/08 3:20 p.m.12 views

CVE-2026-59875

CVE-2026-59875 affects the Node.js tar library node-tar prior to 7.5.17. The root cause is that NUL bytes are not stripped from PAX path and linkpath records in src/pax.ts, which can allow a crafted archive to reach fs.lstat or fs.open and terminate the process with an uncaught exception. The iss...

5.3CVSS5.9AI score0.00291EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/02 12:0 a.m.5 views

Atlassian Jira Service Management Data Center and Server 5.15.2 < 10.3.18 / 10.4.x < 11.3.3 (JSDSERVER-16528)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16528 advisory. - node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link...

8.2CVSS6.6AI score0.00334EPSS
Exploits2References2
Github Security Blog
Github Security Blog
added 2026/03/05 12:52 a.m.13 views

tar has Hardlink Path Traversal via Drive-Relative Linkpath

Summary tar npm can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Details The extraction logic in UnpackSTRIPABSOLUTEPATH chec...

8.6CVSS6AI score0.00408EPSS
Exploits2References4Affected Software1
Amazon
Amazon
added 2026/03/05 12:0 a.m.9 views

Important: nodejs24

Issue Overview: node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to...

8.8CVSS5.9AI score0.00541EPSS
Exploits4
Amazon
Amazon
added 2026/03/05 12:0 a.m.6 views

Important: nodejs20

Issue Overview: node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to...

8.8CVSS5.9AI score0.00334EPSS
Exploits3
Veracode
Veracode
added 2026/01/21 3:7 p.m.8 views

Symlink Poisoning

node-tar is vulnerable to Symlink Poisoning. The vulnerability is due to insufficient sanitization of hardlink and symlink linkpath values during archive extraction, where malicious tar entries can bypass the extraction root restriction and overwrite arbitrary files or create dangerous symlinks...

8.2CVSS5.7AI score0.00334EPSS
Exploits2References13Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/17 10:29 p.m.10 views

CVE-2026-23745

A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the...

8.2CVSS5.4AI score0.00334EPSS
Exploits2References5
GithubExploit
GithubExploit
added 2026/01/17 7:45 a.m.254 views

Exploit for CVE-2026-23745

CVE-2026-23745: node-tar Arbitrary File Overwrite Research:...

8.2CVSS6.9AI score0.00334EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/01/17 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-23745

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false...

8.2CVSS6AI score0.00334EPSS
Exploits2References3
OSV
OSV
added 2026/01/16 10:16 p.m.4 views

DEBIAN-CVE-2026-23745

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

6.1CVSS5.9AI score0.00334EPSS
Exploits2References1
UbuntuCve
UbuntuCve
added 2026/01/16 10:16 p.m.2 views

CVE-2026-23745

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

8.2CVSS6.7AI score0.00334EPSS
Exploits2References3
CVE
CVE
added 2026/01/16 10:0 p.m.102 views

CVE-2026-23745

node-tar (Tar for Node.js) vulnerability CVE-2026-23745: the library fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false, allowing bypass of extraction root restrictions and leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning ...

8.2CVSS6.5AI score0.00334EPSS
Exploits2References13Affected Software1
AlpineLinux
AlpineLinux
added 2026/01/16 10:0 p.m.5 views

CVE-2026-23745

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

8.2CVSS5.6AI score0.00334EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/01/16 10:0 p.m.2 views

CVE-2026-23745

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

8.2CVSS5.4AI score0.00334EPSS
Exploits2References3Affected Software1
Debian CVE
Debian CVE
added 2026/01/16 10:0 p.m.5 views

CVE-2026-23745

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

8.2CVSS5.9AI score0.00334EPSS
Exploits2
Rows per page
Query Builder