Dávid Paksy created HBASE-29861:
-----------------------------------
Summary: Bump tar from 7.5.6 to 7.5.7 in /hbase-website
Key: HBASE-29861
URL: https://issues.apache.org/jira/browse/HBASE-29861
Project: HBase
Issue Type: Task
Components: website
Reporter: Dávid Paksy
h1. node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal
h3. Summary
node-tar contains a vulnerability where the security check for hardlink entries
uses different path resolution semantics than the actual hardlink creation
logic. This mismatch allows an attacker to craft a malicious TAR archive that
bypasses path traversal protections and creates hardlinks to arbitrary files
outside the extraction directory.
[https://github.com/advisories/GHSA-34x7-hfp2-rc4v]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
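
An added example, not code from node-tar, the advisory or the HBase project: a pre-extraction audit for the check/use mismatch the summary describes, which walks a tar buffer's headers and flags any hardlink entry whose target leaves the extraction root under either of two candidate resolutions. The page does not say which two resolutions node-tar disagreed on; the `fromRoot` and `fromEntryDir` views, the helper names and the `/srv/extract` root are assumptions, and the sample archive is constructed.

```javascript
const path = require('node:path').posix; // tar member names use '/' separators

// Read a NUL-terminated field from a 512-byte ustar header block.
const field = (h, off, len) => h.toString('latin1', off, off + len).split('\0')[0];

// Yield name, typeflag and linkname for each header; file bodies are skipped.
function* entries(buf) {
  for (let off = 0; off + 512 <= buf.length;) {
    const h = buf.subarray(off, off + 512);
    if (h.every((b) => b === 0)) return; // end-of-archive marker
    const size = parseInt(field(h, 124, 12).trim() || '0', 8);
    yield { name: field(h, 0, 100), type: String.fromCharCode(h[156]), linkname: field(h, 157, 100) };
    off += 512 + Math.ceil(size / 512) * 512;
  }
}

// True when target is root itself or lies below it.
function inside(root, target) {
  const rel = path.relative(root, target);
  return rel !== '..' && !rel.startsWith('../') && !path.isAbsolute(rel);
}

// Report each hardlink (typeflag '1') whose target leaves root under ANY of the
// candidate resolutions, so a check/use disagreement cannot hide an escape.
function auditHardlinks(buf, root) {
  const findings = [];
  for (const e of entries(buf)) {
    if (e.type !== '1') continue;
    const views = {
      fromRoot: path.resolve(root, e.linkname), // assumed resolution A
      fromEntryDir: path.resolve(root, path.dirname(e.name), e.linkname), // assumed resolution B
    };
    const escapes = Object.keys(views).filter((k) => !inside(root, views[k]));
    if (escapes.length) findings.push({ name: e.name, linkname: e.linkname, escapes });
  }
  return findings;
}

// Constructed sample archive: headers only, checksum left blank (not verified here).
function header(name, type, linkname = '') {
  const h = Buffer.alloc(512);
  h.write(name, 0); h.write('00000000000', 124); h.write(type, 156); h.write(linkname, 157);
  return h;
}
const SAMPLE = Buffer.concat([
  header('docs/readme.txt', '0'),
  header('docs/a/b/link', '1', '../../readme.txt'), // inside from docs/a/b, outside from root
  header('docs/ok', '1', 'docs/readme.txt'), // inside under both views
  Buffer.alloc(1024)]);
console.log(auditHardlinks(SAMPLE, '/srv/extract'));
```

A validator that consulted only the `fromEntryDir` view would accept the second sample entry, which is why the audit reports an escape under any view rather than trusting one.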