Atlassian Jira Service Management 5.15.2 < 10.3.18 / 10.4.0 < 11.3.3 (JSDSERVER-16530)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16530 advisory. - node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz Vulnerability Details CVEID:CVE-2026-23950 DESCRIPTION: node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path...

File Inclusion node-tar Dependency in Confluence Data Center

This High severity File Inclusion vulnerability was introduced in versions 8.9.0, 9.0.1, 9.0.3, 9.1.0, 9.2.5, 9.5.1, 10.1.2 and 10.2.0 of Confluence Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of...

Atlassian Jira Service Management Data Center and Server 5.15.2 < 10.3.18 / 10.4.x < 11.3.3 (JSDSERVER-16529)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16529 advisory. - node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security...

Atlassian Jira Service Management Data Center and Server 5.15.2 < 10.3.18 / 10.4.x < 11.3.3 (JSDSERVER-16528)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16528 advisory. - node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link...

Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway

Summary Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-33750 DESCRIPTION: The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and...

Security Bulletin: Maximo AI Service uses tar-7.4.3.tgz which is vulnerable to CVE-2026-23745 and CVE-2026-23950.

Summary Maximo AI Service uses tar-7.4.3.tgz which is vulnerable to CVE-2026-23745 and CVE-2026-23950. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-23950 DESCRIPTION: node-tar,a Tar for Node.js, has a race condition...

Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2026-1483)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1483 advisory. node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that...

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2026-1484)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1484 advisory. A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js...

Important: nodejs20

Issue Overview: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be...

Security Bulletin: Vulnerabilities in affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2026-23745 DESCRIPTION: node-tar is a Ta...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-tar which is vulnerable to CVE-2026-23745

Summary IBM Maximo Application Suite - Visual Inspection component uses node-tar which is vulnerable to CVE-2026-23745, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-23745 DESCRIPTION: node-tar is a Tar for Node.js. The...

Security Bulletin: Uninitialized Memory Exposure in node-tar list/t Sync Mode When Tar File Is Modified During Read affect IBM watsonx.data

Summary node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2. These can affect IBM watsonx.data...

Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager

Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0.2 Vulnerability Details CVEID:CVE-2026-24842 DESCRIPTION: node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolutio...

Exploit for CVE-2026-31802

CVE-2026-31802: tar Symlink Path Traversal / Arbitrary File Ov...

Path Traversal node-tar Dependency in Jira Software Data Center

This High severity Path Traversal vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.1 of Jira Software Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.8 and a CVS...

GHSA-9PPJ-QMQM-Q256 node-tar Symlink Path Traversal via Drive-Relative Linkpath

Summary tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Details The extraction logic in...

CVE-2026-31802

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

DEBIAN-CVE-2026-31802

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

CVE-2026-31802

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...