Commit 3bb36fd

Merge pull request #8010 from BitGo/ignore-node-tar
fix: exclude node-tar .iyarc CVE
2 parents 6176aa4 + 85dd5d3 commit 3bb36fd

1 file changed

Lines changed: 6 additions & 0 deletions

.iyarc

@@ -11,3 +11,9 @@ GHSA-8qq5-rm4j-mr97
1111
# archive PACKING, not extraction,
1212
GHSA-r6q2-hw4h-h46w
1313

14+
# Excluded because:
15+
# - Transitive dependency through lerna and yeoman-generator requiring tar < 7.5.4
16+
# - This CVE affects tar's extraction process with specially crafted archives
17+
# - Our usage is limited to archive PACKING operations only, not extraction
18+
GHSA-34x7-hfp2-rc4v
19+
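Review bot: The rationale comment at added lines 14-17 carries no removal condition or tracking reference, so the GHSA-34x7-hfp2-rc4v exclusion is likely to stay in .iyarc after lerna and yeoman-generator stop requiring tar < 7.5.4. Suggest adding one comment line stating when the entry should be dropped (for example, once those two dependencies accept a newer tar). Line 17 also says "Our usage is limited to archive PACKING operations only", but per line 15 tar arrives transitively, so the claim is really about how lerna and yeoman-generator call tar; a short note on how that was checked would make the exclusion easier to re-audit.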
