1. astral-tokio-tar v0.6.0 Flaw Allows Arbitrary Directory Permission Manipulation via Symlinks
A critical security audit has identified a symlink-based vulnerability in the astral-tokio-tar Rust crate (versions 0.6.0 and earlier), allowing attackers to modify permissions on directories outside the intended archive hierarchy. The flaw, catalogued as RUSTSEC-2026-0113, resides in the unpack_in API, which fails to ...