Description
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.
Remediation
References
https://nodesecurity.io/advisories/57
http://www.openwall.com/lists/oss-security/2016/04/20/11
Related Vulnerabilities
CVE-2022-23647 Vulnerability in npm package prismjs
CVE-2018-1270 Vulnerability in maven package org.springframework:spring-messaging
CVE-2022-36095 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2021-29484 Vulnerability in npm package ghost
CVE-2019-16552 Vulnerability in maven package com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger