CNNVD-202601-3314 Information

CNNVD ID

CNNVD-202601-3314

Related CVE

CVE-2026-23950

• CNNVD Published: 2026-01-20

Description (Chinese)

node-tar是isaacs个人开发者的一款用于文件压缩/解压缩的软件包。 node-tar 7.5.3及之前版本存在安全漏洞，该漏洞源于Unicode路径冲突处理不完整，可能导致竞争条件，从而允许任意文件覆盖。

Description (English)

Node-tar is a software package for file compression/decompression by the personal developer of the saacs. Node-tar 7.5.3 and earlier versions had a security loophole, which stemmed from the incomplete handling of the Unicode route conflict, which could lead to competitive conditions, thus allowing for arbitrary document coverage.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2026-01-20

Last Modified

2026-02-24

References

https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6 https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w