[GHSA-r6q2-hw4h-h46w] Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS

[levpachmanov]

Updates

• Affected products

Comments
It was already reviewed and approved here - #7095

[github]

Hi there @isaacs! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory

[shelbyc]

👋 Hi @levpachmanov, I don't know what happened with #7095 to make it merge instead of close, but the change wasn't incorporated due to vulnerable code already being present in the 6.x branch and neither my teammates and I nor the maintainer being comfortable with confidently saying older versions aren't vulnerable when we don't know that for certain. We're going to keep GHSA-r6q2-hw4h-h46w the way it is. Thanks for reaching out to talk about GHSA-r6q2-hw4h-h46w.