All 14 CVE vulnerabilities found in node-tar, with AI-generated Chinese analysis, references, and POCs.
This page documents common weaknesses and security vulnerabilities associated with the node-tar product, a widely used JavaScript implementation of the POSIX Tar format. The content focuses on the CWE-119 class of vulnerabilities, which involves improper restriction of operations within the bounds of a memory buffer, specifically highlighting how this product has been susceptible to maliciously crafted archive files. This aggregation page collects data regarding these security flaws, covering incidents and advisories published between the initial release of the library and recent updates in the current decade. Here, you can discover detailed records of how the vendor has addressed specific security risks, track the history of advisories issued by the node-tar maintainers, and understand the broader implications of buffer-related weakness classes in file parsing libraries. The goal is to provide a clear, factual overview of the security landscape for this specific tool, allowing developers and security analysts to review past incidents, assess the severity of identified issues, and understand the remediation steps that were taken. This resource serves as a reference for understanding the evolution of security practices within the node-tar project, highlighting both the nature of the vulnerabilities found and the responses from the open-source community. It does not cover every single defect but focuses on those relevant to supply chain integrity and file handling security.
Vendor: npm
All 14 known CVE vulnerabilities affecting node-tar with full Chinese analysis, references, and POCs where available.