CVE-2021-37701, GHSA-9r2w-394v-53qc
npm/tar
Path Traversal
This npm package has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted.
All versions before 4.4.16, all versions starting from 5.0.0 before 5.0.8, all versions starting from 6.0.0 before 6.1.7
Upgrade to versions 4.4.16, 5.0.8, 6.1.7 or above.
2021-09-16
source |