4 matches found
CVE-2026-59871
A flaw was found in node-tar, a library for manipulating tar archives in Node.js. This vulnerability occurs when the library incorrectly converts specific archive path values into numbers, leading to an error during subsequent path processing. An attacker could exploit this to cause the applicati...
CVE-2026-26960
A flaw was found in node-tar. An attacker can craft a malicious archive that, when extracted with default options, creates a hardlink outside the intended extraction directory. This vulnerability allows the attacker to perform arbitrary file read and write operations as the user extracting the...
MiracleLinux 9 : nodejs:18 (AXSA:2024-8778:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8778:01 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restrictio...
Linux Distros Unpatched Vulnerability : CVE-2021-37701
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The npm package tar aka node-tar before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability...