Hi Tar team,

I was wondering if you had a chance to look at https://nvd.nist.gov/vuln/detail/CVE-2025-45582 which suggests a way to work around the protection mechanism of "Member name contains '..'" by creating a symlink to a directory in the first tarball and writing files to it (through the symlink) in the second tarball.

There's demo code and video at https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md

While it's somewhat complex to exploit this CVE and requires some user steps, the demo still shows it can lead to very undesired results.

I would expect the second extract in their demo would require using this flag:

  -h, --dereference
      Follow symlinks; archive and dump the files they point to.

But a directory symlink might be an edge case (or bug in this CVE context).

Thanks,
Kaplan
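
Added example (not part of the original message, and not code from GNU tar or the linked demo): a pre-extraction audit in Python that reads a sequence of tarballs meant for the same directory and reports any member whose path passes through a symlink created by an earlier member, including one from an earlier archive. The helper names and the sample members ("x", "../outside", "x/file.txt") are constructed for illustration.

```python
import io
import posixpath
import tarfile


def make_tar(members):
    """Build an in-memory tarball from (name, type, linkname) tuples (constructed data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, kind, link in members:
            info = tarfile.TarInfo(name)
            info.type, info.linkname = kind, link
            tf.addfile(info)  # header only; regular files get a zero-length body
    buf.seek(0)
    return buf


def audit_sequence(archives):
    """List members that would be written through a symlink created by an earlier member.

    Archives are assumed to be extracted in order into the same directory.
    Returns (archive_index, member, symlink, target, escapes) tuples.
    """
    symlinks, findings = {}, []  # symlinks: member path -> link target, kept across archives
    for idx, fileobj in enumerate(archives):
        with tarfile.open(fileobj=fileobj, mode="r") as tf:
            for m in tf:
                name = posixpath.normpath(m.name)
                parts = name.split("/")
                for i in range(1, len(parts)):  # check every parent component
                    prefix = "/".join(parts[:i])
                    if prefix in symlinks:
                        target = symlinks[prefix]
                        resolved = posixpath.normpath(
                            posixpath.join(posixpath.dirname(prefix), target))
                        escapes = (posixpath.isabs(target) or resolved == ".."
                                   or resolved.startswith("../"))
                        findings.append((idx, m.name, prefix, target, escapes))
                        break
                if m.issym():
                    symlinks[name] = m.linkname
                else:
                    symlinks.pop(name, None)  # path is no longer a symlink
    return findings


if __name__ == "__main__":
    # Constructed sample: archive 0 holds only a symlink, archive 1 a file beneath it.
    first = make_tar([("x", tarfile.SYMTYPE, "../outside")])
    second = make_tar([("x/file.txt", tarfile.REGTYPE, "")])
    print(audit_sequence([first, second]))
```

The `escapes` field separates symlinks that resolve outside the extraction directory from in-tree ones, so a reviewer can decide whether the sequence is safe to extract as-is or should go into separate, empty directories.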