CVE-2024-12905: CWE-59 Improper Link Resolution Before File Access ('Link Following')
This is an Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") vulnerability. It occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package. This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.
AI Analysis
Technical Summary
CVE-2024-12905 is a vulnerability classified under CWE-59 (Improper Link Resolution Before File Access) and CWE-22 (Path Traversal) in the tar-fs package, a Node.js module used for extracting tar archives. The flaw arises when the package processes a maliciously crafted tar file containing symbolic link entries or entry names with path traversal sequences. During extraction, the package does not verify that link targets and entry paths resolve inside the extraction directory before writing, so files can be written or overwritten outside the intended extraction directory. This can lead to unauthorized modification of arbitrary files on the host system, potentially overwriting critical system or application files. The vulnerability affects tar-fs versions from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, and from 3.0.0 before 3.0.8. The CVSS 3.1 base score is 7.5, reflecting high severity due to a network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact is primarily on integrity, as attackers can alter files without authorization; no confidentiality or availability impact is indicated. No known exploits had been reported in the wild as of the publication date. The vulnerability is relevant for any application or service that uses tar-fs to extract tar archives, especially in automated or server-side environments where untrusted tar files might be processed.
Potential Impact
For European organizations, this vulnerability poses a significant risk to the integrity of systems that rely on tar-fs for archive extraction, particularly in development, deployment pipelines, or container environments. Unauthorized file overwrites can lead to code injection, configuration corruption, or disruption of application behavior. This can facilitate further attacks such as privilege escalation, persistent backdoors, or disruption of critical services. Organizations in sectors with high reliance on Node.js and JavaScript ecosystems—such as finance, telecommunications, and technology—may be particularly vulnerable. The lack of required authentication and user interaction increases the risk of automated exploitation if malicious tar files are introduced via supply chain attacks, compromised repositories, or untrusted uploads. Although no known exploits exist yet, the vulnerability’s characteristics make it a likely target for attackers aiming to compromise European infrastructure or intellectual property.
Mitigation Recommendations
1. Immediately upgrade tar-fs to a patched version: 1.16.4 or later for the 0.x/1.x branch, 2.1.2 or later for the 2.x branch, and 3.0.8 or later for the 3.x branch.
2. Validate tar archive contents before extraction: reject absolute entry names and names with `..` segments that resolve outside the extraction directory, and reject symbolic link and hard link entries whose targets resolve outside it (or reject link entries entirely if the application does not need them).
3. Extract tar files in a sandboxed or isolated environment with filesystem permissions limited to the designated extraction directory, so that a missed traversal cannot write elsewhere.
4. Apply an application-level allow list of permitted file paths and names during extraction.
5. Monitor logs for unexpected file modifications or extraction activity.
6. Review and audit CI/CD pipelines and automated processes that handle tar archives to ensure they do not process untrusted inputs.
7. Educate developers and DevOps teams about the risks of unsafe archive extraction and encourage secure coding practices around file handling.
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Ireland
Technical Details
- Data Version: 5.2
- Assigner Short Name: seal
- Date Reserved: 2024-12-23T13:53:01.494Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 690904b000ff46172d4a0e04
Added to database: 11/3/2025, 7:38:24 PM
Last enriched: 11/3/2025, 7:48:08 PM
Last updated: 12/16/2025, 11:50:04 PM