Skip to main content
Loading…
    CVE-2026-41011 — PackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" where tgz = File.join(release_dir, 'packages', "#{name}.tgz") and name = package_meta['name'] comes directly from release.MF inside the uploa — CVE Database · The Intelligence Room