CVE-2025-69874

nanotar through 0.2.0 has a path traversal vulnerability in parseTar and parseTarGzip that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence...

Relative Path Traversal

Overview nanotar is a Tiny and fast Tar utils for any JavaScript runtime! Affected versions of this package are vulnerable to Relative Path Traversal via the parseTar or parseTarGzip functions. An attacker can write arbitrary files outside the intended extraction directory by supplying a speciall...

GHSA-92FH-27VV-894W nanotar is vulnerable to path traversal in parseTar() and parseTarGzip()

nanotar through 0.2.0 has a path traversal vulnerability in parseTar and parseTarGzip that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence...

nanotar 安全漏洞

Nanotar is a utility open source by UnJS! Nanotar versions 0.2.0 and earlier have security vulnerabilities. These vulnerabilities stem from path traversal vulnerabilities in the parseTar and parseTarGzip functions, which could allow remote attackers to write any file into a location outside of th...

PT-2026-7626

Name of the Vulnerable Software and Affected Versions nanotar versions through 0.2.0 Description The nanotar software contains a path traversal flaw within the parseTar and parseTarGzip functions. This allows attackers to potentially write files to locations outside the intended extraction...

CVE-2025-69874

Nanotar versions through 0.2.0 contain a path traversal vulnerability in parseTar() and parseTarGzip() that lets an attacker craft a tar archive to write arbitrary files outside the intended extraction directory. Affected software: nanotar = 0.2.1+ or newer). If upgrading isn’t immediately possib...