3 matches found
CVE-2026-31802 node-tar Symlink Path Traversal via Drive-Relative Linkpath
node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...
UBUNTU-CVE-2025-59825
astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpackinraw API. Additionally, the Entry::allowexternalsymlinks control which...
PT-2022-16265 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.0.0 through 3.10.6 Joomla! versions 4.0.0 through 4.1.0 Description: An issue was discovered where extracting a specifically crafted tar package could write files outside of the intended path. Recommendations: For Joomla!...