CVE-2025-48387

EUVD-2025-16687
Severity: HIGH 8.7 (CVSS 4.0)

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None

Lifecycle Timeline

Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 14, 2026 - 16:47 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 16:47 euvd
EUVD-2025-16687
CVE Published
Jun 02, 2025 - 20:15 nvd

Blast Radius

Ecosystem impact (transitive dependency graph, resolved by vuln.today to a depth of 4 paths)
  • 872 npm packages depend on tar-fs (27 direct, 845 indirect)

Ecosystem-wide dependent count for version 2.0.0.

Description (NVD)

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories.

Analysis (AI)

tar-fs versions prior to 3.0.9, 2.1.3, and 1.16.5 contain a path traversal vulnerability (CWE-22) that allows attackers to extract tar archives outside the intended directory using specially crafted tarballs. This affects all users of vulnerable tar-fs versions with network-accessible extraction endpoints; the high CVSS 8.7 score reflects the integrity impact and network-accessible attack vector, though no KEV status or widespread public exploits have been confirmed at this time.

Technical Context (AI)

tar-fs is a Node.js module that provides filesystem bindings for tar-stream, enabling extraction and creation of tar archives. The vulnerability is rooted in CWE-22 (Improper Limitation of a Pathname to a Restricted Directory - 'Path Traversal'), where the extraction logic fails to properly validate and sanitize file paths extracted from tar headers before writing to the filesystem. Attackers can embed path traversal sequences (e.g., '../../../etc/passwd') or absolute paths in tar archive member headers, causing the extract() function to write files outside the intended extraction directory. Affected CPE identifiers include npm:tar-fs across all three major version branches (1.x, 2.x, 3.x) prior to their respective patch releases.

Remediation (AI)

Upgrade: Upgrade the npm tar-fs package to a patched version.
  • For 1.x users: upgrade to 1.16.5 or later
  • For 2.x users: upgrade to 2.1.3 or later
  • For 3.x users: upgrade to 3.0.9 or later
  Command: npm update tar-fs@latest

Workaround: Use the ignore option to filter non-file/directory entries. Configure the extract() function with an ignore predicate that rejects symbolic links, device files, and other special file types that could facilitate traversal attacks. This is a temporary mitigation and does not address all path traversal vectors.
  Code example: tar.extract(dir, { ignore: (name, header) => header.type !== 'file' && header.type !== 'directory' })

Validation: Implement path validation before extraction. Independently validate all extracted file paths using path.resolve() and path.relative() to ensure they remain within the target directory, and reject any path that traverses outside the extraction root.

Operational: Process untrusted tarballs in sandboxed environments. Extract user-supplied tarballs in isolated containers or chroot jails to limit the damage from a successful path traversal.

Vendor Status

Ubuntu

Priority: Medium
node-tar-fs
Release    Status        Version
focal      DNE           -
jammy      needs-triage  -
noble      needs-triage  -
upstream   needs-triage  -
oracular   ignored       (end of life, was needs-triage)
questing   needs-triage  -
plucky     ignored       (end of life, was needs-triage)

Debian

node-tar-fs
Release                        Status  Fixed Version              Urgency
bullseye                       fixed   2.1.3-0+deb11u1            -
bullseye (security)            fixed   2.1.3-0+deb11u2            -
bookworm, bookworm (security)  fixed   2.1.3-0+deb12u2            -
trixie (security), trixie      fixed   3.0.9+~cs2.0.4-1+deb13u1   -
forky, sid                     fixed   3.0.9+~cs2.0.4-2           -
bookworm                       fixed   2.1.3-0+deb12u1            -
(unstable)                     fixed   3.0.9+~cs2.0.4-1           -


CVE-2025-48387 vulnerability details – vuln.today
