Primary

Context

tar-fs Symlink Validation Bypass Vulnerability

Vulnerability

Patched

A symlink validation bypass vulnerability has been identified in tar-fs versions prior to 3.1.1, 2.1.3, and 1.16.5. This vulnerability arises when the destination directory is predictable with a specific tarball, allowing for potential exploitation.

Impact

Exploitation of this vulnerability could lead to unauthorized manipulation of symlinks, potentially causing files to be overwritten or read inappropriately.

Remediation

Users can upgrade to tar-fs versions 3.1.1, 2.1.4, or 1.16.6 to address this vulnerability. Alternatively, the ignore option can be used to bypass non-file and non-directory entries, such as symlinks.

Added: Sep 24, 2025, 6:40 PM

Updated: Sep 24, 2025, 6:40 PM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

5.1

remediation

8.3

relevance

0.6

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

5.1

remediation

8.3

relevance

0.6

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

tar-fs Symlink Validation Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

mafintosh tar-fs

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating