Back to CVE List

CVE-2026-31802

HIGH SEVERITY

Vulnerability Description

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-22
Source
NVD
Vendor
isaacs
Product
node-tar

External References

Discussion (0)

Add Comment

No comments yet. Be the first!