3 matches found
CVE-2026-24909
vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...
Relative Path Traversal
Overview @vltpkg/tar is an An extremely limited and very fast tar extractor Affected versions of this package are vulnerable to Relative Path Traversal via improper sanitization of file paths during the extraction process. An attacker can overwrite arbitrary files on the filesystem by crafting ta...
CVE-2026-24909
vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...