Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Debian 11: node-tar-fs Important Symlink Bypass DLA-4313-1 CVE-2025-59343

debian lts
Calendar Grey September 28, 2025
Dist Debian Esm H88
node-tar-fs versions prior to specified versions have been found at risk of a specific security issue. Upgrade recommended.
node-tar-fs versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball

Summary

node-tar-fs versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to
symlink validation bypass if the destination directory is predictable
with a specific tarball.

For Debian 11 bullseye, this problem has been fixed in version
2.1.3-0+deb11u2.

We recommend that you upgrade your node-tar-fs packages.

For the detailed security status of node-tar-fs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/node-tar-fs

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
important
Lowest
Low
Medium
High
Critical

Package: node-tar-fs
Version: 2.1.3-0+deb11u2
CVE ID: CVE-2025-59343
Debian Bug:

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here