High severity · OSV Advisory · Published Apr 30, 2019 · Updated Aug 5, 2024
CVE-2018-20835
Description
A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tar-fs (npm) | < 1.16.2 | 1.16.2 |
References
- github.com/advisories/GHSA-x2mc-8fgj-3wmr (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-20835 (ghsa, ADVISORY)
- github.com/mafintosh/tar-fs/commit/06672828e6fa29ac8551b1b6f36c852a9a3c58a2 (ghsa, x_refsource_MISC, WEB)
- github.com/mafintosh/tar-fs/compare/d590fc7...a35ce2f (ghsa, x_refsource_MISC, WEB)
- hackerone.com/reports/344595 (ghsa, x_refsource_MISC, WEB)