Skip to content

Commit 4262a4d

Browse files
sbouchetsbouchet
committed
CVE-2026-24842 node-tar: Vulnerable to Arbitrary File Creation/Overwrite
via Hardlink Path Traversal Signed-off-by: Stephane Bouchet <sbouchet@redhat.com>
1 parent e4ec8e0 commit 4262a4d

File tree

2 files changed

+48
-144
lines changed

2 files changed

+48
-144
lines changed

code/package-lock.json

Lines changed: 46 additions & 143 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

code/package.json

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -253,7 +253,8 @@
253253
},
254254
"@azure/core-http": {
255255
"form-data": "4.0.4"
256-
}
256+
},
257+
"tar": "^7.5.7"
257258
},
258259
"repository": {
259260
"type": "git",

0 commit comments

Comments
 (0)