{"source":1109552,"name":"tar-fs","dependency":"tar-fs","title":"tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File","url":"https://github.com/advisories/GHSA-pq67-2wwv-3xjx","severity":"high","versions":["0.1.0","0.1.1","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.1.8","0.2.0","0.2.1","0.2.2","0.3.0","0.3.1","0.3.2","0.3.3","0.4.0","0.4.1","0.5.0","0.5.1","0.5.2","1.0.0","1.1.0","1.2.0","1.3.0","1.4.0","1.4.1","1.4.2","1.5.0","1.5.1","1.6.0","1.7.0","1.8.0","1.8.1","1.9.0","1.10.0","1.11.0","1.11.1","1.12.0","1.13.0","1.13.1","1.13.2","1.14.0","1.15.0","1.15.1","1.15.2","1.15.3","1.16.0","1.16.1","1.16.2","1.16.3","1.16.4","1.16.5","1.16.6","2.0.0","2.0.1","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","3.0.0","3.0.1","3.0.2","3.0.3","3.0.4","3.0.5","3.0.6","3.0.7","3.0.8","3.0.9","3.0.10","3.1.0","3.1.1"],"vulnerableVersions":["2.0.0","2.0.1","2.1.0","2.1.1"],"cwe":["CWE-22"],"cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},"range":">=2.0.0 <2.1.2","id":"1dRVXY1/KAgNRzluJejkcnnY74RNVCtUBdSLW4DLR6KPpPmll6CDT96fyxIYOX7Nsq4AChUF8ivPlQmppqQqYw=="}