The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'node-tar' before versions 4.4.16, 5.0.8, and 6.1.7 is vulnerable to Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links.
The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'node-tar' before versions 4.4.16, 5.0.8, and 6.1.7 is vulnerable to Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links.
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/ https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc