It was discovered that Tar for Node.js did not properly sanitize path inputs. An attacker could possibly use this issue to read arbitrary files, resulting in a directory traversal attack.
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "node-tar": "4.4.10+ds1-2ubuntu1+esm1" } ] }