
13 matches found

RedhatCVE
added 2026/02/12 1:4 a.m., 3 views

CVE-2025-69874

nanotar through 0.2.0 has a path traversal vulnerability in parseTar and parseTarGzip that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence...

CVSS 9.8 | AI score 5.8 | EPSS 0.00121
Exploits: 2 | References: 1

Snyk
added 2026/02/11 6:55 p.m., 1 view

Relative Path Traversal

Overview: nanotar is a Tiny and fast Tar utils for any JavaScript runtime! Affected versions of this package are vulnerable to Relative Path Traversal via the parseTar or parseTarGzip functions. An attacker can write arbitrary files outside the intended extraction directory by supplying a speciall...

CVSS 9.8 | AI score 5.8 | EPSS 0.00121
Exploits: 2 | References: 2

vulnersOsv
added 2026/02/11 6:55 p.m., 3 views

@bloggrify/bento (>=0.9.5 <=1.0.0), @bloggrify/core (>=1.6.0 <=2.0.2) +26 more potentially affected by CVE-2025-69874 via nanotar (=0.1.1)

nanotar NPM version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on nanotar and may be impacted: - @bloggrify/bento =0.9.5, =1.6.0, =1.3.1, =1.2.2, =0.1.2, =51.0.1, =0.3.14, =9.8.3, =1.12.0-rc.5, =0.0.0, =1.1.1, =0.50.0, =0.50.0, =51.0.2 and mor...

CVSS 9.8 | AI score 5.8 | EPSS 0.00121
Exploits: 2

vulnersOsv
added 2026/02/11 6:31 p.m., 6 views

@bloggrify/bento (>=0.9.5 <=1.0.0), @bloggrify/core (>=1.6.0 <=2.0.2) +26 more potentially affected by CVE-2025-69874 via nanotar (=0.1.1)

nanotar NPM version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on nanotar and may be impacted: - @bloggrify/bento =0.9.5, =1.6.0, =1.3.1, =1.2.2, =0.1.2, =51.0.1, =0.3.14, =9.8.3, =1.12.0-rc.5, =0.0.0, =1.1.1, =0.50.0, =0.50.0, =51.0.2 and mor...

CVSS 9.8 | AI score 5.8 | EPSS 0.00121
Exploits: 2

OSV
added 2026/02/11 6:31 p.m., 2 views

GHSA-92FH-27VV-894W nanotar is vulnerable to path traversal in parseTar() and parseTarGzip()

nanotar through 0.2.0 has a path traversal vulnerability in parseTar and parseTarGzip that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence...

CVSS 6.9 | AI score 5.8 | EPSS 0.00121
Exploits: 2 | References: 4

Github Security Blog
added 2026/02/11 6:31 p.m., 6 views

nanotar is vulnerable to path traversal in parseTar() and parseTarGzip()

nanotar through 0.2.0 has a path traversal vulnerability in parseTar and parseTarGzip that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence...

CVSS 9.8 | AI score 5.8 | EPSS 0.00121
Exploits: 2 | References: 5 | Affected Software: 1

NVD
added 2026/02/11 6:16 p.m., 4 views

CVE-2025-69874

nanotar through 0.2.0 has a path traversal vulnerability in parseTar and parseTarGzip that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence...

CVSS 9.8 | EPSS 0.00121
Exploits: 2 | References: 3

OSV
added 2026/02/11 6:16 p.m., 3 views

CVE-2025-69874

nanotar through 0.2.0 has a path traversal vulnerability in parseTar and parseTarGzip that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence...

CVSS 9.8 | AI score 5.8 | EPSS 0.00121
Exploits: 2 | References: 3

ATTACKERKB
added 2026/02/11 12:0 a.m., 0 views

CVE-2025-69874

nanotar through 0.2.0 has a path traversal vulnerability in parseTar and parseTarGzip that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence...

AI score 5.8 | EPSS 0.00121
Exploits: 2 | References: 4

CVE
added 2026/02/11 12:0 a.m., 4 views

CVE-2025-69874

CVE-2025-69874 affects the npm package nanotar up to version 0.2.0, which contains a path traversal vulnerability in the internal functions parseTar() and parseTarGzip(). A crafted tar archive can cause writing of arbitrary files outside the intended extraction directory. The provided documents ...

CVSS 9.8 | AI score 5.8 | EPSS 0.00121
Exploits: 2 | References: 3 | Affected Software: 1

CNNVD
added 2026/02/11 12:0 a.m., 2 views

nanotar security vulnerability

Nanotar is an open-source utility from UnJS. Nanotar versions 0.2.0 and earlier have security vulnerabilities. These vulnerabilities stem from path traversal vulnerabilities in the parseTar and parseTarGzip functions, which could allow remote attackers to write any file into a location outside of th...

CVSS 9.8 | AI score 5.8 | EPSS 0.00121
Exploits: 2 | References: 3

Cvelist
added 2026/02/11 12:0 a.m., 19 views

CVE-2025-69874

nanotar through 0.2.0 has a path traversal vulnerability in parseTar and parseTarGzip that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence...

EPSS 0.00121
Exploits: 2 | References: 3

Vulnrichment
added 2026/02/11 12:0 a.m., 1 view

CVE-2025-69874

nanotar through 0.2.0 has a path traversal vulnerability in parseTar and parseTarGzip that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence...

AI score 5.8 | EPSS 0.00121
Exploits: 2 | References: 3