CVE-2025-69874

Published
View on NVD ↗
CVSS v3
9.8
CRITICAL
CVSS v2
N/A
Affected
3
PROJECTS

Description

nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence.

EthanKim88/ethan-cve-disclosures
EthanKim88/ethan-cve-disclosures
Security vulnerability disclosures and advisories by Ethan Taebeom Kim (Cremit)
GitHubGitHub
4
unjs/nanotar
unjs/nanotar
📼 Tiny and fast tar utils for any JavaScript runtime!
GitHubGitHub
194
nanotar
nanotar
Tiny and fast Tar utils for any JavaScript runtime!
NPMNPM