CNNVD-202601-4442 Information

CNNVD ID

CNNVD-202601-4442

CVE-2026-24909

  • CNNVD Published: 2026-01-27

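Description (translated from Chinese)

vlt is a code repository open-sourced by vlt. Versions of vlt before 1.0.0-rc.10 contain a security vulnerability caused by improper handling of path sanitization for tar, which may lead to path traversal during extraction.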

Description (English)

vlt is an open-source code repository from vlt. Versions of vlt before 1.0.0-rc.10 have a security vulnerability that stems from improper handling of tar path sanitization, which could lead to path traversal during extraction.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

vlt

Published

2026-01-27

Last Modified

2026-02-24

References

  • https://github.com/vltpkg/vltpkg/pull/1334
  • https://github.com/vltpkg/vltpkg/releases/tag/v1.0.0-rc.10
  • https://www.koi.ai/blog/packagegate-6-zero-days-in-js-package-managers-but-npm-wont-act
  • https://www.scworld.com/news/six-javascript-zero-day-bugs-lead-to-fears-of-supply-chain-attack

Patch

https://github.com/vltpkg/vltpkg/releases
