Bump transitive node-tar to 7.5.16 to remediate GHSA-vmf3-w455-68vh#2012
Closed
mikeharder with Copilot wants to merge 2 commits into
Closed
Bump transitive node-tar to 7.5.16 to remediate GHSA-vmf3-w455-68vh#2012mikeharder with Copilot wants to merge 2 commits into
mikeharder with Copilot wants to merge 2 commits into
Conversation
Copilot
AI
changed the title
[WIP] Fix node-tar PAX size override vulnerability
Bump transitive node-tar to 7.5.16 to remediate GHSA-vmf3-w455-68vh
Jun 24, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
tar@7.5.13in the workspace lockfile is vulnerable to a PAX/GNU header parsing differential that can cause archive interpretation conflicts (CVE-2026-53655). This change pins the dependency graph to the minimum patched version,tar@7.5.16, with no direct code-path changes.Dependency remediation
tarinpnpm-workspace.yaml(the effective override location under pnpm v10 in this repo).pnpm-lock.yamlso all resolvedtarentries move from7.5.13to7.5.16.Reachability assessment
tar.list,tar.extract/tar.x,tar.Parse,tar.Unpack, directtarimports/requires).Original prompt
This section details the Dependabot vulnerability alert you should resolve
<alert_title>node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)</alert_title>
<alert_description>### Summary
tar(node-tar) applies a PAX extended header'ssize=record (and other PAXoverrides) to the next header entry of any type, including intermediary
metadata headers such as a GNU long-name (
L) or long-link (K) entry. PerPOSIX pax, a PAX extended header (
x) describes the next file entry, not theintermediary extension headers that may sit between the
xheader and the fileit annotates. Because node-tar lets the PAX
sizeoverride the byte length ofan intervening
L/K/xheader, an attacker can desynchronize node-tar'sstream cursor relative to every other mainstream tar implementation
(GNU tar, libarchive/bsdtar, Python
tarfile, and the now-fixedtar-rs/astral-tokio-tar).The result is a tar parser interpretation differential (CWE-436): a single
crafted archive yields a different set of members under node-tar than under the
reference tar tools. An attacker can use this to hide a member from one parser
while it is visible to another, which defeats security tooling whose scanner and
extractor disagree on archive contents (e.g. a malware/secret scanner that lists
entries with one library while a downstream step extracts with another). node-tar
is one of the most widely deployed JavaScript tar libraries (it backs
npm's ownpackage-tarball handling and is a transitive dependency of a very large fraction
of the npm ecosystem), so the blast radius for "files that extract differently
depending on the tool" is broad.
This is the same root cause and fix that was just addressed upstream in the Rust
tar ecosystem (
tar-rs/astral-tokio-tar); node-tar carries the equivalentdefect and has no equivalent guard.
Impact
the prior tar "smuggling" advisories GHSA-j5gw-2vrg-8fgx and
GHSA-fp55-jw48-c537).
scans with node-tar and a different member list to GNU tar / libarchive /
Python tarfile (and vice versa). This lets a malicious file be hidden from a
scanner that uses a different parser than the eventual extractor, or hidden
from node-tar-based inspection while still landing on disk via a system
tar.an attacker-supplied tar with node-tar. Tar archives are routinely fetched
from untrusted sources (package registries, user uploads, CI artifacts,
container layers).
RCE; it is a building block for supply-chain / scanner-evasion attacks rather
than a standalone code-execution primitive.
Vulnerable code (file:line)
src/header.ts(compiled todist/esm/header.js:49anddist/commonjs/header.js:85in the publishedtar@7.5.15):exis the currently-accumulated PAX local extended header andgexthePAX global header. The
sizeoverride fromex/gexis appliedunconditionally to whatever header is being decoded next — there is no check
that the header being decoded is a real file entry rather than an intermediary
extension header.
src/parse.ts,[CONSUMEHEADER]constructs the next header with the currentEX/GEXapplied:and later branches on whether that header is a metadata entry.
this[EX]iscleared only in the non-meta (real file) branch:
When the stream is ordered
x (PAX, size=N) -> L (GNU long-name) -> file, theLheader is constructed withthis[EX]still set, so itssize/remainbecomes
Ninstead of theLpayload's true length. node-tar then consumesNbytes of "metadata" and resumes header parsing at the wrong offset, landing
mid-stream. Every other mainstream parser applies the PAX
sizeonly to thefollowing file entry, so they stay synchronized.
The correct behavior (and the fix shipped upstream in the Rust tar ecosystem) is
to not apply PAX
size/overrides when the entry being decoded is itself anextension header (
LGNU long-name,KGNU long-link,xPAX local,gPAXglobal).
##...