Open
Labels
Bug, Needs Triage
Description
Is there an existing issue for this?
- I have searched the existing issues
This issue exists in the latest npm version
- I am using the latest npm
Current Behavior
The latest npm version uses the dependency tar@7.5.2.
During a CVE scan we found a HIGH CVE for tar@7.5.2 (GHSA-8qq5-rm4j-mr97).
The remediation is upgrading the tar version to 7.5.3.
Please upgrade to avoid exposure to the vulnerability.
Expected Behavior
The latest npm version uses the dependency tar@7.5.2.
During a CVE scan we found a HIGH CVE for tar@7.5.2 (GHSA-8qq5-rm4j-mr97).
The remediation is upgrading the tar version to 7.5.3.
Please upgrade to avoid exposure to the vulnerability.
Steps To Reproduce
- install npm
- list the version of tar dependency
- `cat /usr/lib/node_modules/npm/node_modules/tar/package.json | grep version`
Environment
- npm:
- Node.js:
- OS Name:
- System Model Name:
- npm config:
; copy and paste output from `npm config ls` here
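
The version check from the steps above, as an added example that is not part of the original issue or npm's own code: it locates npm's bundled tar through `npm root -g` instead of a fixed `/usr/lib` path and compares the version against 7.5.3. Treating every version below 7.5.3 as needing the upgrade is an assumption generalized from the issue's 7.5.2 finding; the function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not npm project code: flag a bundled tar older than the fix.
FIXED_TAR="7.5.3"   # remediation version named in the issue

# Read the first "version" field of a package.json without jq or node.
pkg_version() {
    sed -n 's/^[[:space:]]*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Return 0 when version $1 is lower than $2. Compares numeric
# major.minor.patch only; pre-release and build suffixes are ignored.
version_lt() {
    a=${1%%[-+]*}; b=${2%%[-+]*}
    for i in 1 2 3; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
    done
    return 1
}

# $1: npm's own package directory (default: the global install).
# Status: 0 = at or above the fix, 1 = below it, 2 = version not found.
check_bundled_tar() {
    npm_dir=${1:-"$(npm root -g)/npm"}
    pkg="$npm_dir/node_modules/tar/package.json"
    found=""
    [ -r "$pkg" ] && found=$(pkg_version "$pkg")
    [ -n "$found" ] || { echo "no tar version found under $npm_dir" >&2; return 2; }
    if version_lt "$found" "$FIXED_TAR"; then
        echo "tar@$found is below $FIXED_TAR: upgrade needed"
        return 1
    fi
    echo "tar@$found is at or above $FIXED_TAR"
}

# Constructed sample: an npm-like directory holding tar at version $1.
make_sample_npm_dir() {
    d=$(mktemp -d) && mkdir -p "$d/node_modules/tar" &&
    printf '{\n  "name": "tar",\n  "version": "%s"\n}\n' "$1" \
        > "$d/node_modules/tar/package.json" && echo "$d"
}

# Demo on the constructed sample; pass no argument to check the real install.
sample=$(make_sample_npm_dir 7.5.2)
check_bundled_tar "$sample" || true
rm -rf "$sample"
```

The non-zero exit status for a version below the fix lets the check fail a CI step or image build directly.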