{"source":1109532,"name":"tar-fs","dependency":"tar-fs","title":"tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball","url":"https://github.com/advisories/GHSA-vj76-c3g6-qr5v","severity":"high","versions":["0.1.0","0.1.1","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.1.8","0.2.0","0.2.1","0.2.2","0.3.0","0.3.1","0.3.2","0.3.3","0.4.0","0.4.1","0.5.0","0.5.1","0.5.2","1.0.0","1.1.0","1.2.0","1.3.0","1.4.0","1.4.1","1.4.2","1.5.0","1.5.1","1.6.0","1.7.0","1.8.0","1.8.1","1.9.0","1.10.0","1.11.0","1.11.1","1.12.0","1.13.0","1.13.1","1.13.2","1.14.0","1.15.0","1.15.1","1.15.2","1.15.3","1.16.0","1.16.1","1.16.2","1.16.3","1.16.4","1.16.5","1.16.6","2.0.0","2.0.1","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","3.0.0","3.0.1","3.0.2","3.0.3","3.0.4","3.0.5","3.0.6","3.0.7","3.0.8","3.0.9","3.0.10","3.1.0","3.1.1"],"vulnerableVersions":["2.0.0","2.0.1","2.1.0","2.1.1","2.1.2","2.1.3"],"cwe":["CWE-22","CWE-61"],"cvss":{"score":0,"vectorString":null},"range":">=2.0.0 <2.1.4","id":"cvuUIK3mvYU/u7TShVqDjuuoWy7Jgl2iyysqZzndeGLLwvbCDiePQ/rot9wwSNqpYc8yRaszF/7dU1Uelp1dUw=="}