Fix tar — CVE-2021-37701 HIGH

Fix CVE-2021-37701 (HIGH) in tar for npm. Paste your package.json into PackageFix and get a patched version — no CLI, no signup. Arbitrary file creation via symlink attacks.

⚠ Vulnerability

CVE-2021-37701 (HIGH) — arbitrary file creation via symlink attacks in tar versions below 6.2.1.

Vulnerable Version — package.json

"tar": "6.1.0"

Fixed Version — package.json

"tar": "6.2.1"
✓ Fix

Update tar to 6.2.1 or later. Run npm install to apply. Verify with your ecosystem's audit tool after updating.
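
As an added example (not PackageFix code): package.json only shows the version range you asked for, while package-lock.json records every resolved copy of tar, including nested copies pulled in by other packages. This sketch checks an npm lockfile (lockfileVersion 2 or 3) against the 6.2.1 threshold stated on this page; the sample lockfile and the function names are constructed for illustration.

```javascript
const FIXED = "6.2.1"; // safe version as stated on this page

// Parse "major.minor.patch"; a prerelease/build suffix is ignored,
// so "6.2.1-beta" is treated like "6.2.1".
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when `version` sorts strictly before `fixed` (numeric, not string, compare).
function isBelow(version, fixed) {
  const a = parseVersion(version), b = parseVersion(fixed);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Returns [{ path, version }] for each resolved tar older than `fixed`.
function findVulnerableTar(lock, fixed = FIXED) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/tar". Match the last
    // path segment so nested copies are found and "tar-stream" is not.
    if (!/(^|\/)node_modules\/tar$/.test(path)) continue;
    if (meta.version && isBelow(meta.version, fixed)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: the direct dependency is patched,
// but a nested copy under another package is still old.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo", dependencies: { tar: "^6.2.1" } },
    "node_modules/tar": { version: "6.2.1" },
    "node_modules/node-gyp/node_modules/tar": { version: "6.1.0" },
    "node_modules/tar-stream": { version: "2.2.0" },
  },
};

console.log(findVulnerableTar(sampleLock));
```

To check a real project, pass the parsed contents of its package-lock.json to `findVulnerableTar` in place of `sampleLock`.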

Paste your manifest — get back a fixed version with all CVEs patched in seconds.


No signup · No CLI · No GitHub connection · Runs 100% in your browser

CVE Details

Field: Value
CVE ID: CVE-2021-37701
Severity: HIGH
Package: tar (npm)
Vulnerable versions: Below 6.2.1
Safe version: 6.2.1
CISA KEV:
Description: Arbitrary file creation via symlink attacks

Frequently Asked Questions

What is CVE-2021-37701?
CVE-2021-37701 is a HIGH severity vulnerability in tar (npm). It allows arbitrary file creation via symlink attacks. Update to version 6.2.1 or later to fix it.
How do I fix CVE-2021-37701 in tar?
Update tar to version 6.2.1 in your package.json. Run npm install after updating to apply the fix.
Is CVE-2021-37701 being actively exploited?
Check the live CISA KEV catalog at packagefix.dev — PackageFix always reflects the current KEV status.
How do I check if I am affected by CVE-2021-37701?
Paste your package.json into PackageFix. If your installed version of tar is below 6.2.1, you are affected. PackageFix shows the exact CVE ID and fix version.