Recorded-texteditor120

2 exploits Active since Mar 2026
CVE-2026-31802 GITHUB MEDIUM python WORKING POC
tar < 7.5.11 - Path Traversal via Drive-Relative Symlink Target
node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.
CVSS 5.5
CVE-2026-31802 NOMISEC MEDIUM SUSPICIOUS
tar < 7.5.11 - Path Traversal via Drive-Relative Symlink Target
node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.
CVSS 5.5