Lucene search
Alpine Linux Development TeamALPINE:CVE-2020-36193HistoryJan 18, 2021 - 8:15 p.m.
CVE-2020-36193
2021-01-1820:15:12
Alpine Linux Development Team
security.alpinelinux.org
25
archive_tar
directory traversal
tar.php
symbolic links
unix
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
7.9
Confidence
High
EPSS
0.882
Percentile
98.7%
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-community | noarch | drupal7 | < 7.78-r0 | UNKNOWN |
| Alpine | 3.12-community | noarch | drupal7 | < 7.78-r0 | UNKNOWN |
| Alpine | 3.13-community | noarch | drupal7 | < 7.78-r0 | UNKNOWN |
| Alpine | 3.14-community | noarch | drupal7 | < 7.78-r0 | UNKNOWN |
| Alpine | 3.15-community | noarch | drupal7 | < 7.78-r0 | UNKNOWN |
| Alpine | 3.16-community | noarch | drupal7 | < 7.78-r0 | UNKNOWN |
| Alpine | 3.17-community | noarch | drupal7 | < 7.78-r0 | UNKNOWN |
| Alpine | 3.18-community | noarch | drupal7 | < 7.78-r0 | UNKNOWN |
| Alpine | 3.19-community | noarch | drupal7 | < 7.78-r0 | UNKNOWN |
| Alpine | 3.20-community | noarch | drupal7 | < 7.78-r0 | UNKNOWN |
Related
nessus
nessus
SUSE SLES15 Security Update : php7-pear (SUSE-SU-2021:3018-1)
2021-09-14 00:00:00
SUSE SLED12 / SLES12 Security Update : php72 (SUSE-SU-2021:2926-1)
2021-09-04 00:00:00
Debian DLA-2621-1 : php-pear security update
2021-04-09 00:00:00
debian
debian
[SECURITY] [DLA 2621-1] php-pear security update
2021-04-08 16:30:27
[SECURITY] [DSA 4894-1] php-pear security update
2021-04-20 18:12:17
[SECURITY] [DLA-2530-1] drupal7 security update
2021-01-21 20:00:27
osv
osv
CVE-2020-36193
2021-01-18 20:15:12
BIT-drupal-2020-36193
2024-03-06 10:55:50
Directory Traversal in Archive_Tar
2021-04-22 16:20:36
openvas
openvas
Debian: Security Advisory (DLA-2621-1)
2021-04-09 00:00:00
Huawei EulerOS: Security Advisory for php-pear (EulerOS-SA-2021-1884)
2021-05-19 00:00:00
openSUSE: Security Advisory for php7-pear (openSUSE-SU-2021:3018-1)
2021-09-14 00:00:00
debiancve
debiancve
nvd
nvd
archlinux
archlinux
[ASA-202102-7] nextcloud: directory traversal
2021-02-06 00:00:00
github
github
Directory Traversal in Archive_Tar
2021-04-22 16:20:36
Deserialization of Untrusted Data in Archive_Tar
2021-04-22 16:20:50
Directory Traversal in Archive_Tar
2021-08-09 20:40:06
ubuntucve
ubuntucve
cve
cve
attackerkb
attackerkb
cvelist
cvelist
prion
prion
Directory traversal
2021-01-18 20:15:00
Code injection
2020-11-19 19:15:00
Design/Logic Flaw
2021-07-30 14:15:00
redhat
redhat
(RHSA-2022:6542) Moderate: php:7.4 security update
2022-09-15 08:06:55
(RHSA-2022:7340) Moderate: php-pear security update
2022-11-02 16:04:25
(RHSA-2022:6541) Moderate: php:7.4 security update
2022-09-15 08:06:49
rocky
rocky
php:7.4 security update
2022-09-15 08:06:55
almalinux
almalinux
Moderate: php:7.4 security update
2022-09-15 00:00:00
gentoo
gentoo
PEAR Archive_Tar: Directory traversal
2021-01-26 00:00:00
oraclelinux
oraclelinux
php:7.4 security update
2022-09-16 00:00:00
php-pear security update
2022-11-03 00:00:00
veracode
veracode
Directory Traversal
2021-01-19 01:26:39
Remote Code Execution
2020-11-20 12:01:46
mageia
mageia
Updated php-pear packages fix a security vulnerability
2021-02-01 00:34:26
Updated php-pear packages fix security vulnerabilities
2020-12-08 13:40:32
suse
suse
Security update for php7-pear (important)
2021-09-13 00:00:00
Security update for php7 (important)
2021-08-30 00:00:00
Security update for php7-pear (important)
2021-09-15 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: php-pear-1.10.12-5.fc32
2021-01-27 04:11:59
[SECURITY] Fedora 34 Update: drupal7-7.82-1.fc34
2021-09-19 04:48:53
[SECURITY] Fedora 35 Update: drupal7-7.82-1.fc35
2021-09-24 20:51:51
ibm
ibm
checkpoint_advisories
checkpoint_advisories
PHP Archive_Tar Directory Traversal (CVE-2020-36193)
2022-11-23 00:00:00
PEAR Archive Tar Insecure Deserialization Code Execution (CVE-2020-28948)
2022-10-18 00:00:00
amazon
amazon
Important: php-pear
2021-02-17 18:11:00
Medium: php7-pear
2021-02-16 00:13:00
Medium: php-pear
2021-09-08 23:35:00
drupal
drupal
Drupal core - Critical - Third-party libraries - SA-CORE-2021-001
2021-01-20 00:00:00
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013
2020-11-25 00:00:00
friendsofphp
friendsofphp
thn
thn
15-Year-Old Bug in PEAR PHP Repository Could've Enabled Supply Chain Attacks
2022-04-02 05:17:00
CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog
2022-08-29 04:23:00
redhatcve
redhatcve
ubuntu
ubuntu
PEAR vulnerability
2021-02-08 00:00:00
PEAR vulnerabilities
2020-12-01 00:00:00
Drupal vulnerabilities
2024-09-03 00:00:00
cisa_kev
cisa_kev
PEAR Archive_Tar Improper Link Resolution Vulnerability
2022-08-25 00:00:00
alpinelinux
alpinelinux
CVE-2020-28948
2020-11-19 19:15:11
CVE-2021-32610
2021-07-30 14:15:16
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Php Archive Tar
2020-11-27 11:21:46
Exploit for Deserialization of Untrusted Data in Php Archive Tar
2021-05-24 15:36:16
f5
f5
K58581302 : Archive_Tar vulnerabilities CVE-2020-28948 and CVE-2020-28949
2020-12-03 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
7.9
Confidence
High
EPSS
0.882
Percentile
98.7%
Related for ALPINE:CVE-2020-36193