Improper Link Resolution and Path Traversal in tar-fs by Mafintosh
CVE-2024-12905

7.5HIGH

Key Information:

Status
Vendor: CVE Published:; 27 March 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-12905?

The tar-fs package contains vulnerabilities that allow for improper link resolution before file access and improper limitations on pathnames during file extraction. By exploiting these flaws, an attacker can craft a malicious tar file, leading to unauthorized file writes or overwrites outside the intended extraction directory. This security issue specifically affects versions of the tar-fs package prior to 1.16.4, 2.1.2, and 3.0.8. Immediate updates to the latest versions are recommended to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-12905-PoC
Created by theMcSam

References

https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a...

patch

https://www.seal.security/blog/a-link-to-the-past-uncover...

technical-description

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Apr 25, 2025
👾
Exploit known to exist
Apr 25, 2025
Vulnerability published
Mar 27, 2025
Vulnerability Reserved
Dec 23, 2024

Credit

@bnbdr

JSON

Badges

What is CVE-2024-12905?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.