VYPR

crates.io package

tokio-tar

pkg:cargo/tokio-tar

Vulnerabilities (1)

  • CVE-2025-62518HigOct 21, 2025
    affected <= 0.3.1

    astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When pr