{"id":3493140,"name":"github.com/vbatts/tar-split","ecosystem":"go","description":"","homepage":"https://github.com/vbatts/tar-split","licenses":"BSD-3-Clause","normalized_licenses":["BSD-3-Clause"],"repository_url":"https://github.com/vbatts/tar-split","keywords_array":[],"namespace":"github.com/vbatts","versions_count":32,"first_release_published_at":"2016-08-16T15:37:11.000Z","latest_release_published_at":"2026-04-27T13:44:09.000Z","latest_release_number":"v0.12.3","last_synced_at":"2026-06-29T14:14:51.772Z","created_at":"2022-04-10T19:14:49.662Z","updated_at":"2026-06-29T14:14:51.772Z","registry_url":"https://pkg.go.dev/github.com/vbatts/tar-split","install_command":"go get github.com/vbatts/tar-split","documentation_url":"https://pkg.go.dev/github.com/vbatts/tar-split#section-documentation","metadata":{},"repo_metadata":{"uuid":"31038955","full_name":"vbatts/tar-split","owner":"vbatts","description":"checksum-reproducible tar archives (utility/library)","archived":false,"fork":false,"pushed_at":"2022-08-12T05:28:41.000Z","size":3370,"stargazers_count":85,"open_issues_count":6,"forks_count":30,"subscribers_count":8,"default_branch":"master","last_synced_at":"2023-03-10T21:03:47.951Z","etag":null,"topics":["checksum","disassembly","golang","payload","tar-archive"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"logo_url":null,"metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-02-19T21:54:01.000Z","updated_at":"2023-01-28T03:37:04.000Z","dependencies_parsed_at":"2022-09-06T05:12:01.118Z","dependency_job_id":null,"html_url":"https://github.com/vbatts/tar-split","commit_stats":null,"repository_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vbatts%2Ftar-split","tags_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vbatts%2Ftar-split/tags","manifests_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vbatts%2Ftar-split/manifests","owner_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vbatts","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":108921946,"host_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names"}},"repo_metadata_updated_at":"2023-03-21T18:38:07.839Z","dependent_packages_count":1798,"downloads":null,"downloads_period":null,"dependent_repos_count":4365,"rankings":{"downloads":null,"dependent_repos_count":0.12558045963900027,"dependent_packages_count":0.09841111164113232,"stargazers_count":4.761771434141567,"forks_count":4.176600212583931,"docker_downloads_count":0.1026628035033941,"average":1.8530052043018048},"purl":"pkg:golang/github.com/vbatts/tar-split","advisories":[{"uuid":"GSA_kwCzR0hTQS1ocXdoLTh4djktNDJod84AAYKW","url":"https://github.com/advisories/GHSA-hqwh-8xv9-42hw","title":"tar-split memory exhaustion","description":"Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T00:22:00.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2017-14992","https://github.com/moby/moby/issues/35075","https://github.com/vbatts/tar-split/pull/42","https://github.com/vbatts/tar-split/releases/tag/v0.10.2","https://web.archive.org/web/20171119174639/https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992","https://github.com/advisories/GHSA-hqwh-8xv9-42hw"],"source_kind":"github","identifiers":["GHSA-hqwh-8xv9-42hw","CVE-2017-14992"],"repository_url":"https://github.com/moby/moby","blast_radius":0.0,"created_at":"2025-04-23T03:08:36.482Z","updated_at":"2026-06-29T04:04:01.561Z","epss_percentage":0.0247,"epss_percentile":0.82498,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ocXdoLTh4djktNDJod84AAYKW","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1ocXdoLTh4djktNDJod84AAYKW","packages":[{"ecosystem":"go","package_name":"github.com/vbatts/tar-split","versions":[{"first_patched_version":"0.10.2","vulnerable_version_range":"\u003c 0.10.2"}],"purl":"pkg:go/github.com%2Fvbatts%2Ftar-split"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ocXdoLTh4djktNDJod84AAYKW/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/vbatts/tar-split","docker_dependents_count":2615,"docker_downloads_count":9316441235,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/vbatts/tar-split","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/vbatts/tar-split/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2023-05-28T21:04:10.005Z","issues_count":19,"pull_requests_count":45,"avg_time_to_close_issue":9236001.857142856,"avg_time_to_close_pull_request":2480239.4318181816,"issues_closed_count":14,"pull_requests_closed_count":44,"pull_request_authors_count":16,"issue_authors_count":13,"avg_comments_per_issue":2.263157894736842,"avg_comments_per_pull_request":2.4,"merged_pull_requests_count":37,"bot_issues_count":0,"bot_pull_requests_count":0,"past_year_issues_count":2,"past_year_pull_requests_count":6,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":330.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":6,"past_year_pull_request_authors_count":2,"past_year_issue_authors_count":2,"past_year_avg_comments_per_issue":5.5,"past_year_avg_comments_per_pull_request":1.0,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":5},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fvbatts%2Ftar-split/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fvbatts%2Ftar-split/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fvbatts%2Ftar-split/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fvbatts%2Ftar-split/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fvbatts%2Ftar-split/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fvbatts%2Ftar-split/codemeta","maintainers":[]}