A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content.
{ "nvd_published_at": "2019-04-30T19:29:00Z", "github_reviewed_at": "2019-05-01T18:25:25Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-20" ] }