Lucene search
K

6 matches found

OSV
OSV
added 2026/06/15 5:19 p.m.10 views

GHSA-VMF3-W455-68VH node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

Summary tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extended header x describes the next file entry, not the...

6.9CVSS5.5AI score0.00107EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/05/19 9:16 a.m.10 views

node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the...

8.2CVSS6.6AI score0.00334EPSS
Exploits2References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 2:27 p.m.8 views

Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

8.2CVSS6.5AI score0.00334EPSS
Exploits2Affected Software2
OSV
OSV
added 2026/03/07 4:15 p.m.3 views

UBUNTU-CVE-2026-29786

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Th...

8.6CVSS5.8AI score0.00408EPSS
Exploits2References4
OSV
OSV
added 2026/02/27 12:41 a.m.1 views

CLEANSTART-2026-NY12442 node-tar is a full-featured Tar for Node

Multiple security vulnerabilities affect the npm package. node-tar is a full-featured Tar for Node. See references for individual vulnerability details...

9.8CVSS5.8AI score0.02534EPSS
Exploits4References11
OSV
OSV
added 2025/10/30 6:15 p.m.8 views

UBUNTU-CVE-2025-64118

node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...

6.1CVSS6.8AI score0.00128EPSS
Exploits0References6
Rows per page
Query Builder