3 matches found
ROOT-APP-NPM-CVE-2024-12905 CVE-2024-12905 in @rootio/tar-fs - Patched by Root
Root has patched CVE-2024-12905 in the @rootio/tar-fs package for Root:npm. Multiple fixed versions available...
tar-fs has issue where extract can write outside the specified dir with a specific tarball
...
AZL-59367 CVE-2024-12905 affecting package reaper for versions less than 3.1.1-18
An Improper Link Resolution Before File Access "Link Following" and Improper Limitation of a Pathname to a Restricted Directory "Path Traversal". This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intend...