Node-Tar · CVE-2024-28863
**Name of the Vulnerable Software and Affected Versions**
node-tar versions prior to 6.2.1
Node.js (affected versions not specified)
**Description**
The node-tar package, used for Tar operations in Node.js, is susceptible to a denial-of-service condition. This occurs because there is no limit on the number of sub-folders created during the folder creation process. An attacker can exploit this by providing a specially crafted path containing a large number of nested sub-folders. This can lead to excessive memory consumption and potentially crash the Node.js client. The issue is resolved in version 6.2.1, which prevents extraction in excessively deep sub-folders.
**Recommendations**
Update node-tar to version 6.2.1 or later.
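As an added example (not node-tar's own code), the following Node.js snippet shows the defensive counterpart to the fix described above: it scans tar headers for entries whose paths nest deeper than a policy limit before any directory is created, and expresses the same rule in the `(path, entry) => boolean` shape of node-tar's `filter` option. The limit `MAX_DEPTH`, the helper names and the sample archive are constructed for this illustration.

```javascript
// Added example (not node-tar's own code): scan a tar archive for entries whose
// path nests deeper than a policy limit before anything is extracted.
// Tar is a sequence of 512-byte blocks; an entry header holds the path in 'name'
// (bytes 0-99, plus optional ustar 'prefix' at 345-499), the octal payload size
// at 124-135 and the type flag at byte 156 ('5' = directory). Two zero blocks end it.
const BLOCK = 512;
const MAX_DEPTH = 32; // assumed policy limit, not a value taken from node-tar

// Count path components, ignoring empty and '.' segments.
function pathDepth(p) {
  return p.split('/').filter((seg) => seg !== '' && seg !== '.').length;
}
// Read a NUL-terminated ASCII field from a header block.
function field(hdr, off, len) {
  const nul = hdr.indexOf(0, off);
  const end = nul === -1 || nul > off + len ? off + len : nul;
  return hdr.toString('latin1', off, end);
}

// Walk the headers without writing anything; return entries exceeding maxDepth.
function findDeepEntries(archive, maxDepth = MAX_DEPTH) {
  const offenders = [];
  for (let off = 0; off + BLOCK <= archive.length; ) {
    const hdr = archive.subarray(off, off + BLOCK);
    if (hdr.every((b) => b === 0)) break; // end-of-archive marker
    const prefix = field(hdr, 345, 155);
    const path = prefix ? `${prefix}/${field(hdr, 0, 100)}` : field(hdr, 0, 100);
    const size = parseInt(field(hdr, 124, 12).trim() || '0', 8);
    const depth = pathDepth(path);
    if (depth > maxDepth) offenders.push({ path, depth });
    off += BLOCK + Math.ceil(size / BLOCK) * BLOCK; // skip header plus payload blocks
  }
  return offenders;
}
// The same rule in the (path, entry) => boolean shape of node-tar's `filter` option,
// so over-deep entries are skipped instead of becoming unbounded directory chains.
function depthFilter(maxDepth = MAX_DEPTH) {
  return (path) => pathDepth(path) <= maxDepth;
}
// Constructed sample: header-only directory entries (checksum omitted because this
// scanner does not verify it) for a sane path and for a 48-level nested path.
function dirHeader(path) {
  const hdr = Buffer.alloc(BLOCK);
  hdr.write(path, 0, 'latin1');
  hdr.write('00000000000', 124, 'latin1'); // size field: 0 in octal
  hdr.write('5', 156, 'latin1'); // typeflag: directory
  return hdr;
}
const DEEP_PATH = Array(48).fill('d').join('/') + '/';
const SAMPLE_ARCHIVE = Buffer.concat([dirHeader('pkg/lib/'), dirHeader(DEEP_PATH), Buffer.alloc(2 * BLOCK)]);
```

Running `findDeepEntries(SAMPLE_ARCHIVE)` reports only the 48-level entry, which is what a pre-extraction gate (or `depthFilter` passed as the extraction filter) would reject; real archives should additionally have their header checksums verified, which this scanner skips.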