The title seems like a stupid attack on open source. Because closed-source abandonware is not a security issue?
At least open source projects can be forked and updated; a closed-source system would leave you with only the option of choosing between the software and security.
TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware | Edera Blog | Spyke
Honestly, cargo could flag crates with known CVEs and be a better package manager.
Does this affect GNU tar, or Busybox tar, or BSD tar?