Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality [CVE-2025-59343]

Summary Node.js module tar-fs is used by IBM App Connect Enterprise Certified Container for processing tar files and streams. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported...

tar-fs: tar-fs symlink validation bypass

A symlink validation bypass flaw has been discovered in the npm tar-fs library. Affected versions are vulnerable to a symlink validation bypass if the destination directory is predictable with a specific tarball...