Skip to content

v2: tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball #10767

New issue
New issue
Open
Open
v2: tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball#10767
Labels
dependenciesPull requests that update a dependency filev2Issues related to v2 apis
@xmunoz

Description

@xmunoz
xmunoz
opened on Oct 9, 2025

Please upgrade tar-fs to the patched version: 2.1.4.

This is for @remix-run/dev 2.17.1.

Please see GHSA-vj76-c3g6-qr5v for more details.

Metadata

Metadata

Assignees

No one assigned

    Labels

    dependenciesPull requests that update a dependency filev2Issues related to v2 apis

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions