CVE-2025-69874

nanotar through 0.2.0 has a path traversal vulnerability in parseTar and parseTarGzip that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence...

Relative Path Traversal

Overview nanotar is a Tiny and fast Tar utils for any JavaScript runtime! Affected versions of this package are vulnerable to Relative Path Traversal via the parseTar or parseTarGzip functions. An attacker can write arbitrary files outside the intended extraction directory by supplying a speciall...

GHSA-92FH-27VV-894W nanotar is vulnerable to path traversal in parseTar() and parseTarGzip()

nanotar through 0.2.0 has a path traversal vulnerability in parseTar and parseTarGzip that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence...

CVE-2025-69874

CVE-2025-69874 affects the npm package nanotar up to version 0.2.0, which contains a path traversal vulnerability in the internal functions parseTar() and parseTarGzip() . A crafted tar archive can cause writing of arbitrary files outside the intended extraction directory. The provided documents ...

PT-2026-7626

Name of the Vulnerable Software and Affected Versions nanotar versions through 0.2.0 Description The nanotar software contains a path traversal flaw within the parseTar and parseTarGzip functions. This allows attackers to potentially write files to locations outside the intended extraction...

nanotar 安全漏洞

Nanotar is a utility open source by UnJS! Nanotar versions 0.2.0 and earlier have security vulnerabilities. These vulnerabilities stem from path traversal vulnerabilities in the parseTar and parseTarGzip functions, which could allow remote attackers to write any file into a location outside of th...