CVE-2025-59343 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 7%

Debian Releases

Debian Product

Codename

node-tar-fs

bookworm	2.1.3-0+deb12u2 fixed
bookworm (security)	2.1.3-0+deb12u2 fixed
bullseye	vulnerable
bullseye (security)	2.1.3-0+deb11u2 fixed
forky	3.0.9+~cs2.0.4-2 fixed
sid	3.0.9+~cs2.0.4-2 fixed
trixie	3.0.9+~cs2.0.4-1+deb13u1 fixed
trixie (security)	3.0.9+~cs2.0.4-1+deb13u1 fixed

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Vulnerability Media Exposure

[GERMAN] Atlassian Bamboo und Confluence (Data Center und Server): Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Atlassian Bamboo und Atlassian Confluence ausnutzen, um einen Denial of Service Angriff durchzuführen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen und Cross-Site-Scripting-Angriffe durchzuführen.
Published: 2026-02-17T23:00:00+00:00

References

https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09

https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v

https://lists.debian.org/debian-lts-announce/2025/09/msg00028.html