GitHub Researchers Discover Code Execution Bugs in 'tar' and npm CLI
In the course of two months (July and August), security experts at GitHub have discovered arbitrary code execution vulnerabilities in the open-source Node.js packages, tar, and @npmcli/arborist.