AZL-79553

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79553.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-79553

Upstream

CVE-2026-29786

Published

2026-03-07T16:15:55Z

Modified

2026-04-01T05:23:29.020385Z

Summary

CVE-2026-29786 affecting package tar 1.35-2

Details

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-29786

Affected packages

Azure Linux:3 / tar

Package

Name: tar
Purl: pkg:rpm/azure-linux/tar

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.35-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79553.json"