Allocation of Resources Without Limits or Throttling in node-tar - #VU135768
Published: June 29, 2026
node-tar
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to allocation of resources without limits or throttling in the Unpack stream in src/extract.ts when extracting crafted compressed tar archives. A remote attacker can send a specially crafted archive to cause a denial of service.
The issue can exhaust disk space and CPU through decompression and parsing of highly compressible input.
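A consumer-side guard against the unbounded decompression and parsing described above, as an added example that is not node-tar code and not the project's fix. It uses only Node's built-in zlib to cap decompressed output and then walks the tar headers to cap the entry count before anything is written to disk. The names inspectArchive, LIMITS and makeEntry and the budget values are assumptions, and the archive is assumed small enough to buffer in memory up to the cap.

```javascript
// Added example, not node-tar code: budget check for a .tar.gz before extraction.
// inspectArchive, LIMITS and makeEntry are hypothetical names; limits are assumed.
const zlib = require('zlib');

const LIMITS = { maxBytes: 1 << 20, maxEntries: 1000 };

function inspectArchive(gz, limits = LIMITS) {
  let tarBytes;
  try {
    // zlib stops and throws once output would exceed maxOutputLength,
    // so a small, highly compressible input cannot expand without bound.
    tarBytes = zlib.gunzipSync(gz, { maxOutputLength: limits.maxBytes });
  } catch (err) {
    const over = err.code === 'ERR_BUFFER_TOO_LARGE';
    return { ok: false, reason: over ? 'decompressed size over budget' : 'invalid gzip' };
  }
  let entries = 0;
  let off = 0;
  while (off + 512 <= tarBytes.length) {
    const header = tarBytes.subarray(off, off + 512);
    if (header.every((b) => b === 0)) break; // zero block: end of archive
    // Size field: 12 bytes of octal ASCII at offset 124 (checksum not verified here).
    const field = header.toString('latin1', 124, 136).split(/[\0 ]/)[0];
    const size = /^[0-7]+$/.test(field) ? parseInt(field, 8) : NaN;
    if (Number.isNaN(size)) return { ok: false, reason: 'unsupported size field' };
    const next = off + 512 + Math.ceil(size / 512) * 512;
    if (next > tarBytes.length) return { ok: false, reason: 'truncated entry' };
    if (++entries > limits.maxEntries) return { ok: false, reason: 'too many entries' };
    off = next;
  }
  return { ok: true, entries, bytes: tarBytes.length };
}

// Constructed sample input: one minimal tar entry (header block + padded data).
function makeEntry(name, data) {
  const header = Buffer.alloc(512);
  header.write(name, 0, 'latin1');
  header.write(data.length.toString(8).padStart(11, '0') + '\0', 124, 'latin1');
  const padded = Buffer.alloc(Math.ceil(data.length / 512) * 512);
  data.copy(padded);
  return Buffer.concat([header, padded]);
}

const small = zlib.gzipSync(Buffer.concat([makeEntry('a.txt', Buffer.from('hello')), Buffer.alloc(1024)]));
const expanding = zlib.gzipSync(makeEntry('zeros.bin', Buffer.alloc(8 << 20))); // 8 MiB of zeros
console.log(small.length, inspectArchive(small));
console.log(expanding.length, inspectArchive(expanding));
```

An archive that passes the check can then be handed to the extractor; one that fails is rejected without touching the filesystem.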