pear/archive_tar Security Advisories for 1.3.16 (5)
-
[HIGH] Directory Traversal in Archive_Tar
PKSA-jprw-4s5r-w75x CVE-2021-32610 GHSA-p8q8-jfcv-g2h2
Affected version: <1.4.14
Reported by:
GitHub -
[HIGH] Deserialization of Untrusted Data in Archive_Tar
PKSA-p4dv-5vjw-vc2z CVE-2020-28948 GHSA-jh5x-hfhg-78jq
Affected version: <1.4.11
Reported by:
GitHub -
[HIGH] Allows write operations with Directory Traversal due to inadequate checking of symbolic links
PKSA-8cyy-vwrf-269v CVE-2020-36193 GHSA-rpw6-9xfx-jvcx
Affected version: <1.4.12
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Potential file overwrite if archive filename starts with file://
PKSA-mrrr-hjw9-vps5 CVE-2020-28949 GHSA-75c5-f4gw-38r9
Affected version: <1.4.11
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Potential RCE if filename starts with phar://
PKSA-x2h6-cyyw-syx8 CVE-2018-1000888 GHSA-3q76-jq6m-573p
Affected version: <1.4.4
Reported by:
GitHub, FriendsOfPHP/security-advisories