logo

Database

Lack of data validation - Path Traversal In nanotar

Description

nanotar is vulnerable to path traversal in parseTar() and parseTarGzip() nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2025-698742. NVD-2025-698743. OSV-2025-698744. GCVE-2025-69874

References

1. https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69874-nanotar-Path-Traversal.md2. https://www.npmjs.com/package/nanotar

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.