CNNVD-202602-1901 Information

CNNVD ID

CNNVD-202602-1901

CVE-2025-69874

  • CNNVD Published: 2026-02-11

Description (Chinese)

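nanotar is an open-source utility from UnJS. nanotar 0.2.0 and earlier contain a security vulnerability caused by path traversal in the parseTar and parseTarGzip functions, which may allow a remote attacker to write arbitrary files outside the intended extraction directory.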

Description (English)

nanotar is an open source utility from UnJS. Versions 0.2.0 and earlier of nanotar have a security vulnerability that stems from path traversal in the parseTar and parseTarGzip functions, which could result in a remote attacker writing arbitrary files outside the intended extraction directory.

Vulnerability Type

Other

Affected Vendor

UnJS

Published

2026-02-11

Last Modified

2026-02-24

References

  • https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69874-nanotar-Path-Traversal.md
  • https://github.com/unjs/nanotar
  • https://www.npmjs.com/package/nanotar

Patch

https://github.com/unjs/nanotar/releases
