mafintosh tar-fs
cpe:2.3:a:tar-fs_project:tar-fs:*:*:*:*:*:*:*
- < 3.0.9
- < 2.1.3
- < 1.16.5
A directory traversal vulnerability has been identified in tar-fs versions prior to 3.0.9, 2.1.3, and 1.16.5. This vulnerability allows an extracted file to be written outside the specified directory when a particular tarball is used. The issue has been addressed in the mentioned patched versions. As a temporary workaround, the 'ignore' option can be used to skip non-file and non-directory entries, such as symbolic links.
Exploitation of this vulnerability can lead to arbitrary file writes outside the intended extraction directory, potentially overwriting critical files or disrupting system operations.
Users can update to tar-fs versions 3.0.9, 2.1.3, or 1.16.5 to address this vulnerability. Instructions for updating can be found in the tar-fs repository on GitHub.
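An added example (not code from the tar-fs project) covering both the upgrade check and the 'ignore' workaround described above. It assumes each listed bound applies to its own major release line and that releases above 3.x carry the fix; `isPatched`, `ignoreNonFileEntries` and `hardenedExtract` are hypothetical names, and the `tarfs` argument stands for the caller's own `require('tar-fs')`.

```javascript
// Added example, not tar-fs code. Fixed releases are the ones named in the advisory.
const PATCHED = { 1: [1, 16, 5], 2: [2, 1, 3], 3: [3, 0, 9] }

// Accept only plain "x.y.z" (optional leading "v"); anything else returns null
// so that pre-release or malformed strings fail closed in isPatched().
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim())
  return m ? m.slice(1, 4).map(Number) : null
}

// Assumption: each bound applies to its own major line (1.x, 2.x, 3.x),
// and majors above 3 already contain the fix.
function isPatched(version) {
  const v = parseVersion(version)
  if (!v) return false
  if (v[0] > 3) return true
  const min = PATCHED[v[0]] || PATCHED[1] // 0.x sorts below every fixed release
  for (let i = 0; i < 3; i++) {
    if (v[i] !== min[i]) return v[i] > min[i]
  }
  return true
}

// Workaround for installs that cannot be upgraded yet: tar-fs calls
// ignore(name, header) for each entry on extract and skips it when this
// returns true. Only regular files and directories are let through, so
// symbolic links and other entry types are never written to disk.
function ignoreNonFileEntries(_name, header) {
  return header.type !== 'file' && header.type !== 'directory'
}

// `tarfs` is passed in so this snippet loads without the package installed.
// Returns the writable stream to pipe the tarball into.
function hardenedExtract(tarfs, dir) {
  return tarfs.extract(dir, { ignore: ignoreNonFileEntries })
}

// Constructed sample headers (not from a real archive) to show the filter.
const sampleHeaders = [
  { name: 'app/', type: 'directory' },
  { name: 'app/index.js', type: 'file' },
  { name: 'app/link', type: 'symlink' },
  { name: 'app/hard', type: 'link' }
]

function keptEntries(headers) {
  return headers.filter(h => !ignoreNonFileEntries(h.name, h)).map(h => h.name)
}
```

The version check only tells you whether the workaround is still needed; upgrading remains the fix.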