node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPath(entry.path).split('/') to throw an uncaught TypeError. This issue is fixed in version 7.5.18.
References
Configurations
No configuration.
History
08 Jul 2026, 17:17
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/isaacs/node-tar/security/advisories/GHSA-w8wr-v893-vjvp - |
08 Jul 2026, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-08 16:16
Updated : 2026-07-08 17:17
NVD link : CVE-2026-59871
Mitre link : CVE-2026-59871
CVE.ORG link : CVE-2026-59871
JSON object : View
Products Affected
No product.
CWE
CWE-704
Incorrect Type Conversion or Cast
