GitHub finds 7 code execution vulnerabilities in tar and npm CLI


The GitHub security team has identified several high-severity vulnerabilities in the npm packages “tar” and “@npmcli/arborist,” which are used by npm CLI.

The Node.js package tar remains a core dependency for installers that need to unpack npm packages post-installation. The package is also used by thousands of other open source projects, and as such receives roughly 20 million downloads every week.
