News Score: Score the News, Sort the News, Rewrite the Headlines

TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware

This vulnerability impacts major, widely used projects, including uv (Astral's lightning-fast Python package manager), testcontainers, and wasmCloud. Due to the widespread nature of tokio-tar in various forms, it is not possible to truly quantify upfront the blast radius of this bug across the ecosystem. While the active forks have been successfully patched (see also Astral Security Advisory), this disclosure highlights a major systemic challenge: the highly downloaded tokio-tar remains unpatched...

Read more at edera.dev
