CVE-2026-31802
HIGH SEVERITYVulnerability Description
node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-22
Source
NVD
Vendor
isaacs
Product
node-tar
Discussion (0)
Add Comment
No comments yet. Be the first!