Vulnerabilities in isaacs
14 results

CVE-2025-64756 | HIGH | glob CLI: Command injection via -c/--cmd executes matches with shell:true | EPSS 3.0%
CVE-2024-28863 | MEDIUM | node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation | EPSS 0.9%
CVE-2026-24842 | HIGH | node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal | EPSS 0.5%
CVE-2026-26996 | HIGH | minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern | EPSS 0.5%
CVE-2026-27903 | HIGH | minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments | EPSS 0.5%
CVE-2026-25547 | CRITICAL | Uncontrolled Resource Consumption in @isaacs/brace-expansion | EPSS 0.5%
CVE-2026-27904 | HIGH | minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions | EPSS 0.5%
CVE-2026-23745 | HIGH | node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization | EPSS 0.3%
CVE-2026-26960 | HIGH | node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction | EPSS 0.3%
CVE-2026-29786 | HIGH | node-tar: Hardlink Path Traversal via Drive-Relative Linkpath | EPSS 0.3%
CVE-2026-31802 | HIGH | node-tar Symlink Path Traversal via Drive-Relative Linkpath | EPSS 0.3%
CVE-2026-23950 | HIGH | node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS | EPSS 0.2%
CVE-2025-64118 | MEDIUM | node-tar vulnerable to race condition leading to uninitialized memory exposure | EPSS 0.1%
CVE-2026-53655 | MEDIUM | node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling) | EPSS 0.1%