npm package
@vltpkg/tar
pkg:npm/%40vltpkg/tar
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-24909 | Med | 5.9 | < 1.0.0-rc.10 | 1.0.0-rc.10 | Jan 27, 2026 | vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction. |
- affected < 1.0.0-rc.10fixed 1.0.0-rc.10
vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction.