tar is vulnerable to symlink attack. An attacker is able to write files to arbitrary locations on the file system via a malicious tar file.
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
github.com/advisories/GHSA-r628-mhmh-qjhw
github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20
github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw
www.npmjs.com/advisories/1771
www.npmjs.com/package/tar
www.oracle.com/security-alerts/cpuoct2021.html