GitHub finds 7 code execution vulnerabilities in 'tar' and npm CLI
The vulnerabilities affect both Windows and Unix-based users, and if left unpatched, can be exploited by attackers to achieve arbitrary code execution on a system installing untrusted npm packages.
