Количество 6
Количество 6
CVE-2026-26960
node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.
CVE-2026-26960
node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.
CVE-2026-26960
node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.
CVE-2026-26960
node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction
CVE-2026-26960
node-tar is a full-featured Tar for Node.js. When using default option ...
GHSA-83g3-92jg-28cx
Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-26960 node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8. | CVSS3: 7.1 | 0% Низкий | около 1 месяца назад |
 | CVE-2026-26960 node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8. | CVSS3: 7.1 | 0% Низкий | около 1 месяца назад |
 | CVE-2026-26960 node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8. | CVSS3: 7.1 | 0% Низкий | около 1 месяца назад |
 | CVE-2026-26960 node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction | 0% Низкий | около 1 месяца назад | |
| CVE-2026-26960 node-tar is a full-featured Tar for Node.js. When using default option ... | CVSS3: 7.1 | 0% Низкий | около 1 месяца назад |
| GHSA-83g3-92jg-28cx Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction | CVSS3: 7.1 | 0% Низкий | около 1 месяца назад |
Уязвимостей на страницу