Security Advisory

CVE-2025-48387

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-06-02 19:20:18

Last updated 2025-11-03 20:04:45

Assigner GitHub_M

State PUBLISHED

Description

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories.

← Browse all CVEs View on cve.org ↗