CNNVD-202601-4837 Information

CNNVD ID

CNNVD-202601-4837

Related CVE

CVE-2026-24842

• CNNVD Published: 2026-01-28

Description (Chinese)

node-tar是isaacs个人开发者的一款用于文件压缩/解压缩的软件包。 node-tar 7.5.7之前版本存在后置链接漏洞，该漏洞源于硬链接条目的安全检查与创建逻辑不匹配，可能导致绕过路径遍历保护。

Description (English)

Node-tar is a software package for file compression/decompression by the personal developer of the saacs. Node-tar 7.5.7 has a backlink loophole, which stems from the fact that security checks for hard-link entries do not match the creation logic and may lead to a loop-over-protected path.

Hazard Level

Medium

Vulnerability Type

后置链接

Affected Vendor

个人开发者

Published

2026-01-28

Last Modified

2026-02-24

References

https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46 https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v

Patch

https://github.com/isaacs/node-tar/releases