CNNVD-202601-2726 Information

CNNVD ID

CNNVD-202601-2726

Related CVE

CVE-2026-23745

• CNNVD Published: 2026-01-16

Description (Chinese)

node-tar是isaacs个人开发者的一款用于文件压缩/解压缩的软件包。 node-tar 7.5.2及之前版本存在路径遍历漏洞，该漏洞源于未清理链接路径，可能导致任意文件覆盖和符号链接投毒。

Description (English)

Node-tar is a software package for file compression/decompression by the personal developer of the saacs. Node-tar 7.5.2 and previous versions had a loophole in the path, which stemmed from uncleaned links, which could lead to the poisoning of any file cover and symbol link.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

个人开发者

Published

2026-01-16

Last Modified

2026-02-24

References

https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97 https://access.redhat.com/security/cve/cve-2026-23745

Patch

https://github.com/isaacs/node-tar/releases