From 92f2a5649b3c1a02fb958f61ebe38097639e06a7 Mon Sep 17 00:00:00 2001
From: pcreager23 <123037721+pcreager23@users.noreply.github.com>
Date: Mon, 19 May 2025 15:51:31 -0700
Subject: [PATCH] Improve GHSA-pq67-2wwv-3xjx

---
 .../GHSA-pq67-2wwv-3xjx.json | 49 ++-----------------
 1 file changed, 4 insertions(+), 45 deletions(-)

diff --git a/advisories/github-reviewed/2025/03/GHSA-pq67-2wwv-3xjx/GHSA-pq67-2wwv-3xjx.json b/advisories/github-reviewed/2025/03/GHSA-pq67-2wwv-3xjx/GHSA-pq67-2wwv-3xjx.json
index f8ad219d0126c..05ec54025ce7f 100644
--- a/advisories/github-reviewed/2025/03/GHSA-pq67-2wwv-3xjx/GHSA-pq67-2wwv-3xjx.json
+++ b/advisories/github-reviewed/2025/03/GHSA-pq67-2wwv-3xjx/GHSA-pq67-2wwv-3xjx.json
@@ -1,13 +1,13 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-pq67-2wwv-3xjx",
- "modified": "2025-03-28T22:11:42Z",
+ "modified": "2025-03-28T22:11:43Z",
 "published": "2025-03-27T18:31:28Z",
 "aliases": [
 "CVE-2024-12905"
 ],
 "summary": "tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File",
- "details": "An Improper Link Resolution Before File Access (\"Link Following\") and Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.\n\nThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.7.",
+ "details": "An Improper Link Resolution Before File Access (\"Link Following\") and Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.\n\nThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 **before 3.0.7**.",
 "severity": [
 {
 "type": "CVSS_V3",
@@ -15,44 +15,6 @@
 }
 ],
 "affected": [
- {
- "package": {
- "ecosystem": "npm",
- "name": "tar-fs"
- },
- "ranges": [
- {
- "type": "ECOSYSTEM",
- "events": [
- {
- "introduced": "0"
- },
- {
- "fixed": "1.16.4"
- }
- ]
- }
- ]
- },
- {
- "package": {
- "ecosystem": "npm",
- "name": "tar-fs"
- },
- "ranges": [
- {
- "type": "ECOSYSTEM",
- "events": [
- {
- "introduced": "2.0.0"
- },
- {
- "fixed": "2.1.2"
- }
- ]
- }
- ]
- },
 {
 "package": {
 "ecosystem": "npm",
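Review bot: After this change the human-readable `details` and the machine-readable `affected` list disagree: the new `details` line still says `This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 **before 3.0.7**.`, while the following hunk (`@@ -15,44 +15,6 @@`) deletes the two npm `tar-fs` entries covering `0` to `1.16.4` and `2.0.0` to `2.1.2`, leaving only the 3.x range. Scanners that match installed versions against the OSV `affected` ranges will report 1.x and 2.x installs as unaffected while a reader of the prose is told the opposite, so one side has to change — either restore the two range entries or rewrite the sentence as `This issue affects tar-fs: from 3.0.0 before 3.0.7.`. The `**...**` markdown emphasis added around `before 3.0.7` also reads as a reviewer's annotation rather than advisory text; if the intent is to flag the corrected boundary, that belongs in the commit message, and `details` should keep the plain `from 3.0.0 before 3.0.7.`.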
@@ -66,14 +28,11 @@
 "introduced": "3.0.0"
 },
 {
- "fixed": "3.0.8"
+ "fixed": "3.0.7"
 }
 ]
 }
- ],
- "database_specific": {
- "last_known_affected_version_range": "< 3.0.7"
- }
+ ]
 }
 ],
 "references": [
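Review bot: The `fixed` event moves from `3.0.8` to `3.0.7`, but nothing in this hunk shows the evidence that 3.0.7 is the release containing the fix, and downstream tooling will now clear 3.0.7 as patched on the strength of this one value. The `references` array begins on the hunk's last line and is outside this view, so I cannot tell whether it already cites the 3.0.7 release or the fixing commit; if it only points at 3.0.8 material, a reference for the new boundary should be added in the same change so the range stays traceable. Dropping `database_specific.last_known_affected_version_range` (`< 3.0.7`) is consistent with the `fixed` event now carrying the same boundary, so that part of the hunk is fine.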