High severity7.5NVD Advisory· Published Jan 23, 2017· Updated May 13, 2026
CVE-2015-8860
CVE-2015-8860
Description
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tarnpm | < 2.0.0 | 2.0.0 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.openwall.com/lists/oss-security/2016/04/20/11nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-gfjr-3jmm-4g9vghsaADVISORY
- nodesecurity.io/advisories/57nvdMitigationVendor Advisory
- nvd.nist.gov/vuln/detail/CVE-2015-8860ghsaADVISORY
- github.com/npm/npm/releases/tag/v2.7.5ghsaWEB
- www.npmjs.com/advisories/57ghsaWEB
News mentions
0No linked articles in our index yet.