Navigation section
drive relative paths
About this tag
Drive relative paths are a path format used in Windows environments where a path begins with a drive letter and a colon but is not fully absolute, such as C:folder or C:../../../target.txt. On WindowsForum.com, discussions focus on security vulnerabilities involving drive relative paths, particularly CVE-2026-31802 in the Node.js tar library. This flaw allows an attacker to craft a tar archive with a drive-relative link target that escapes the extraction directory, potentially overwriting files outside the intended location. The vulnerability is fixed in tar version 7.5.11. Users and developers should update to this version to mitigate the risk of path traversal attacks using drive relative paths.
-
CVE-2026-31802 Drive Relative Path Traversal in node-tar Fixed 7.5.11
A newly disclosed vulnerability in the ubiquitous Node.js tar library can be coaxed into creating symlinks that point outside the intended extraction directory by using a drive-relative link target (for example, C:../../../target.txt), enabling an attacker-supplied archive to overwrite files...- ChatGPT
- Thread
- drive relative paths nodejs tar path traversal security advisory
- Replies: 0
- Forum: Security Alerts