
Heeqw

#31007 of 53,630
8.4 Total CVSS
Vulnerabilities · 1
PT-2026-6213
8.4
2026-02-03
Unknown · Compressing · CVE-2026-24884
**Name of the Vulnerable Software and Affected Versions**

Compressing versions prior to 1.10.4

Compressing version 2.0.0

**Description**

Compressing is a compression and decompression library for Node.js. The `compressing.tar.uncompress()` function extracts TAR archives and restores symbolic links without validating their targets. An attacker can embed symlinks that resolve outside the intended extraction directory, causing subsequent file entries to be written to arbitrary locations on the host file system. This can lead to the overwriting of sensitive files or the creation of new files in security-critical locations. In environments where extraction occurs with elevated privileges or targets executable paths, this may result in code execution, privilege escalation, data corruption, or denial of service.

**Recommendations**

Update Compressing versions prior to 1.10.4 to version 1.10.4.

Update Compressing version 2.0.0 to version 2.0.1.
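For callers that want a pre-extraction check in addition to upgrading, the sketch below audits TAR headers for the condition described above. It is an added example, not Compressing's code or the fix shipped in 1.10.4/2.0.1; the `{path, type, linkname}` entry shape and the function names are assumptions made for illustration.

```javascript
const path = require("node:path").posix; // tar member names use "/" separators

// Normalised member path, or null if it is absolute or contains a ".." segment.
function safeRelative(name) {
  if (name.startsWith("/") || name.split("/").includes("..")) return null;
  return path.normalize(name).replace(/\/+$/, "");
}

// True if a symlink stored at linkPath with target linkname resolves inside the root.
function targetInside(linkPath, linkname) {
  if (linkname.startsWith("/")) return false;
  const resolved = path.join(path.dirname(linkPath), linkname);
  return resolved !== ".." && !resolved.startsWith("../");
}

// Walk headers in archive order and return the entries that must not be extracted.
function auditTarEntries(entries) {
  const links = new Set(); // symlinks the archive itself creates
  const rejected = [];
  for (const e of entries) {
    const p = safeRelative(e.path);
    if (p === null) {
      rejected.push({ path: e.path, reason: "path escapes root" });
      continue;
    }
    // Strict policy: never write onto or beneath a symlink created by this archive.
    const parts = p.split("/");
    const via = parts.map((_, i) => parts.slice(0, i + 1).join("/")).find((x) => links.has(x));
    if (via !== undefined) {
      rejected.push({ path: e.path, reason: "written through symlink " + via });
      continue;
    }
    if (e.type === "symlink") {
      links.add(p); // remembered even when rejected, so dependent entries are reported
      if (!targetInside(p, e.linkname)) {
        rejected.push({ path: e.path, reason: "symlink target escapes root" });
      }
    }
  }
  return rejected;
}

// Constructed sample headers (not taken from a real archive).
const sampleEntries = [
  { path: "pkg/readme.txt", type: "file" },
  { path: "pkg/current", type: "symlink", linkname: "v1" },
  { path: "pkg/out", type: "symlink", linkname: "../../outside" },
  { path: "pkg/out/file.txt", type: "file" },
  { path: "../stray.txt", type: "file" },
];
console.log(auditTarEntries(sampleEntries));
```

The check is lexical and covers only links created by the archive itself; symlinks already present in the destination directory need a separate `lstat`/`realpath` check at write time.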