Debian Linux Security Advisory 5008-1 - It was discovered that the symlink extraction protections in node-tar, a Tar archives module for Node.js could by bypassed; allowing a malicious Tar archive to symlink into an arbitrary location.
915d1d41f05c7787a3911c04d0c5812980a9774de9b717719ea636a54be32acd