#directory-permission

1. Symlink Exploitation Allows Arbitrary Directory Permission Manipulation in astral-tokio-tar Library

A coordinated security disclosure has revealed multiple vulnerabilities in astral-tokio-tar, a Rust-based tar archive library widely used in systems programming. Two high-severity flaws—RUSTSEC-2026-0113 and RUSTSEC-2026-0112—were identified in version 0.6.0, exposing systems that process untrusted tar archives to dire...