PHP Archive_Tar vulnerabilities
4 known vulnerabilities affecting php/archive_tar.
Total CVEs: 4
CISA KEV: 2 (actively exploited)
Public exploits: 0
Exploited in wild: 2
Severity breakdown: HIGH 4
Vulnerabilities
CVE-2021-32610 | HIGH | CVSS 7.1 | fixed in 1.4.14 | 2021-07-30
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
Source: NVD
CVE-2020-36193 | HIGH | CVSS 7.5 | KEV | CWE-22 | ≤ 1.4.11 | 2021-01-18
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
Source: NVD
CVE-2020-28949 | HIGH | CVSS 7.8 | KEV | fixed in 1.4.12 | 2020-11-19
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
Source: NVD
CVE-2020-28948 | HIGH | CVSS 7.8 | CWE-502 | fixed in 1.4.11 | 2020-11-19
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
Source: NVD