node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk space and CPU. This issue is fixed in version 7.5.19.
CVSS
No CVSS.
References
Configurations
No configuration.
History
08 Jul 2026, 20:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/isaacs/node-tar/security/advisories/GHSA-23hp-3jrh-7fpw - |
08 Jul 2026, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-08 16:16
Updated : 2026-07-08 20:16
NVD link : CVE-2026-59873
Mitre link : CVE-2026-59873
CVE.ORG link : CVE-2026-59873
JSON object : View
Products Affected
No product.
CWE
CWE-770
Allocation of Resources Without Limits or Throttling
