exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2026-24842

8 дней назад

node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue.

CVSS3: 8.2

EPSS: Низкий

CVE-2026-24842

8 дней назад

node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue.

CVSS3: 8.2

EPSS: Низкий

CVE-2026-24842

8 дней назад

node-tar,a Tar for Node.js, contains a vulnerability in versions prior ...

CVSS3: 8.2

EPSS: Низкий

GHSA-34x7-hfp2-rc4v

7 дней назад

node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal

CVSS3: 8.2

EPSS: Низкий

BDU:2026-00891

9 дней назад

Уязвимость библиотеки node-tar программной платформы Node.js, позволяющая нарушителю обойти существующие механизмы безопасности

CVSS3: 8.2

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2026-24842 node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue.	CVSS3: 8.2	0% Низкий	8 дней назад
CVE-2026-24842 node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue.	CVSS3: 8.2	0% Низкий	8 дней назад
CVE-2026-24842 node-tar,a Tar for Node.js, contains a vulnerability in versions prior ...	CVSS3: 8.2	0% Низкий	8 дней назад
GHSA-34x7-hfp2-rc4v node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal	CVSS3: 8.2	0% Низкий	7 дней назад
BDU:2026-00891 Уязвимость библиотеки node-tar программной платформы Node.js, позволяющая нарушителю обойти существующие механизмы безопасности	CVSS3: 8.2	0% Низкий	9 дней назад

Уязвимостей на страницу