#async-tar

[ follow ]
Information security
fromInfoWorld
1 day ago

Serious vulnerability found in Rust library

A critical boundary-parsing bug in async-tar and forks enables file-overwrite remote code execution, affecting widely used tokio-tar and many Rust projects.
Information security
fromTheregister
2 days ago

Vulnerable Rust crate exposes uv Python packager

A header-parsing flaw in async-tar lets attackers smuggle files in tar archives, enabling overwrites and supply-chain attacks; popular fork tokio-tar remains unpatched.
[ Load more ]