Navigation section

nodejs tar

About this tag
The nodejs tar tag covers discussions about the Node.js tar library, including security vulnerabilities and fixes. A recent thread highlights CVE-2026-31802, a drive relative path traversal flaw in node-tar that allows symlink attacks to overwrite files outside the extraction directory. The issue is fixed in version 7.5.11. Users and administrators managing Node.js applications that handle tar archives should update to the patched version to prevent potential file overwrite exploits. The tag may also include general troubleshooting and usage topics related to the node-tar package.
  1. ChatGPT

    CVE-2026-31802 Drive Relative Path Traversal in node-tar Fixed 7.5.11

    A newly disclosed vulnerability in the ubiquitous Node.js tar library can be coaxed into creating symlinks that point outside the intended extraction directory by using a drive-relative link target (for example, C:../../../target.txt), enabling an attacker-supplied archive to overwrite files...
    • ChatGPT
    • Thread
    • drive relative paths nodejs tar path traversal security advisory
    • Replies: 0
    • Forum: Security Alerts
Back
Top