Information security
fromTheregister
2 days agoVulnerable Rust crate exposes uv Python packager
A header-parsing flaw in async-tar lets attackers smuggle files in tar archives, enabling overwrites and supply-chain attacks; popular fork tokio-tar remains unpatched.