Exploit for Path Traversal in Isaacs Tar

🛡️ CVE-2026-31802 - Simple Proof of Concept Viewer !Downloa...

org.webjars.npm:canvas (>=2.5.0 <=2.6.0), org.webjars.npm:color-thief (=2.2.5) +12 more potentially affected by CVE-2026-31802 via org.webjars.npm:tar (>=0.1.20 <=4.4.19)

org.webjars.npm:tar MAVEN version =0.1.20, =2.5.0, =0.97.5, =0.2.0, =3.4.0, =0.6.19, =2.0.0, =3.1.4, =3.4.1 - org.webjars.npm:tar.gz =1.0.7 Source cves: CVE-2026-31802 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15456202...

0pflow (>=0.1.0-dev.0de2bc6 <=0.1.0-dev.f5622ac), 10t-images-to-pdf (=1.0.3) +13805 more potentially affected by CVE-2026-26960 via tar (>=7.0.0 <=7.5.7)

tar NPM version =7.0.0, =0.1.0-dev.0de2bc6, =0.0.1, =3.1.2, =1.0.1, =4.11.0, =1.0.1, =1.31.1, =2.0.0, =0.1.0, =0.1.0, =1.7.0-beta.7, =0.1.0, =0.1.8 and more Source cves: CVE-2026-26960 Source advisory: SNYK:JS-TAR-15307072...

-fides-amor-et-lux (=1.0.0), -tompan-reacttemplate (>=1.0.1 <=1.1.0) +46204 more potentially affected by CVE-2024-28863 via tar (>=0.1.12 <=6.2.0)

tar NPM version =0.1.12, =1.0.1, =1.0.0, =2.5.0, =1.0.0, =0.0.3, =1.1.0, =0.9.9, =0.10.33 - 1.1.0 =1.0.0 - 108-gas-convert =1.0.0 - 1095h-cli =1.0.1 and more Source cves: CVE-2024-28863 Source advisory: OSV:GHSA-F5X3-32G6-XQ36...

37fis (>=1.0.0 <=1.0.2), 88slot-ap (=1.0.0) +826 more potentially affected by CVE-2021-37712 via tar (>=3.0.0 <=4.4.15)

tar NPM version =3.0.0, =1.0.0, =0.0.17, =0.0.1, =0.1.0, =1.0.0, =0.3.5, =0.2.0, =0.0.2, =0.2.0, =0.2.0, =0.2.3 and more Source cves: CVE-2021-37712 Source advisory: OSV:GHSA-QQ89-HQ3F-393P...