CVE-2024-28863

Summary

CVE-2024-28863 is a vulnerability affecting the node-tar package, a Tar archiver for Node.js, prior to version 6.2.1. This issue allows an attacker to create an excessive number of sub-folders during the extraction process, leading to a significant increase in memory consumption and potential crashes of the Node.js client. The vulnerability arises due to the lack of a limit on the number of sub-folders, and it can be exploited by an attacker through a specially crafted tarball file. The vulnerability has been addressed in version 6.2.1, which includes measures to prevent extraction in excessively deep sub-folders.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.