tar-fs is a filesystem bindings for tar-stream.
Affected versions of this package are vulnerable to Arbitrary File Overwrite. An attacker can overwrite files on the system when extracting a
tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content.
tar-fs to version 1.16.2 or higher.