pkg:npm/tar

所有已知漏洞

• HIGH8.8CVE-2026-23950Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS
  from 0, < 7.5.4
• HIGH8.2CVE-2026-24842node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal
  from 0, < 7.5.7
• HIGH8.2CVE-2021-37701Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
  >= 3.0.0, < 4.4.16
• HIGH8.2CVE-2021-37712Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
  >= 3.0.0, < 4.4.18
• HIGH8.2CVE-2021-37713Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
  from 0, < 4.4.18
• HIGH8.2CVE-2021-32804Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
  from 0, < 3.2.2
• HIGH8.2CVE-2021-32803Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
  >= 3.0.0, < 3.2.3
• HIGH7.5CVE-2018-20834Arbitrary File Overwrite in tar
  >= 3.0.0, < 4.4.2
• HIGH7.5CVE-2015-8860Symlink Arbitrary File Overwrite in tar
  from 0, < 2.0.0
• HIGH7.1CVE-2026-26960Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction
  from 0, < 7.5.8
• MEDIUM6.5CVE-2024-28863Denial of service while parsing a tar file due to lack of folders count validation
  from 0, < 6.2.1
• MEDIUM6.3CVE-2026-29786tar has Hardlink Path Traversal via Drive-Relative Linkpath
  from 0, < 7.5.10
• MEDIUM6.1CVE-2026-23745node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization
  from 0, < 7.5.3
• MEDIUM5.5CVE-2026-31802node-tar Symlink Path Traversal via Drive-Relative Linkpath
  from 0, < 7.5.11
• —CVE-2025-64118node-tar has a race condition leading to uninitialized memory exposure
  >= 7.5.1, < 7.5.2