Dangerous vulnerabilities discovered in NPM package
Vulnerabilities (CVE-2021-37713, CVE-2021-37712) were found in versions 6.1.8, 5.0.9 and 4.4.17 of the popular NPM tar package. They could allow a remote attacker to create or overwrite arbitrary files and execute arbitrary code.
According to the advisory, users of tar should switch to the respective versions: 6.1.8, 5.0.9, 4.4.17.
Source: github.com
18 November 2021