Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 10 Jul 2026 09:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Isaacs
Isaacs tar |
|
| Vendors & Products |
Isaacs
Isaacs tar |
Fri, 10 Jul 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-606 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Wed, 08 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while repeatedly parsing the same header. This issue is fixed in version 7.5.18. | |
| Title | node-tar: Negative tar entry size causes infinite loop in archive replace | |
| Weaknesses | CWE-835 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-08T17:00:42.937Z
Reserved: 2026-07-07T15:41:53.607Z
Link: CVE-2026-59874
Updated: 2026-07-08T16:51:16.720Z
No data.
OpenCVE Enrichment
Updated: 2026-07-16T21:45:06Z