Vulnerability in Isaacs Node-tar
CVE-2026-53655
node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (node-tar) applies a PAX extended header's size= record (and other PAX overrides) to the next header entry of any type, including intermediary metadata headers such as a GNU…
Affected products
- Isaacs Node-tar — versions < 7.5.16
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)