Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2020-36193HistoryJan 18, 2021 - 8:15 p.m.
CVE-2020-36193
2021-01-1820:15:12
Debian Security Bug Tracker
security-tracker.debian.org
11
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.882 High
EPSS
Percentile
98.7%
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | php-pear | < 1:1.10.12+submodules+notgz+20210212-1 | php-pear_1:1.10.12+submodules+notgz+20210212-1_all.deb |
| Debian | 11 | all | php-pear | < 1:1.10.12+submodules+notgz+20210212-1 | php-pear_1:1.10.12+submodules+notgz+20210212-1_all.deb |
| Debian | 10 | all | php-pear | < 1:1.10.6+submodules+notgz-1.1+deb10u2 | php-pear_1:1.10.6+submodules+notgz-1.1+deb10u2_all.deb |
| Debian | 999 | all | php-pear | < 1:1.10.12+submodules+notgz+20210212-1 | php-pear_1:1.10.12+submodules+notgz+20210212-1_all.deb |
| Debian | 13 | all | php-pear | < 1:1.10.12+submodules+notgz+20210212-1 | php-pear_1:1.10.12+submodules+notgz+20210212-1_all.deb |
Related
nessus
nessus
Fedora 32 : 1:php-pear (2021-02996612f6)
2021-01-27 00:00:00
SUSE SLES12 Security Update : php74-pear (SUSE-SU-2021:3006-1)
2021-09-10 00:00:00
openSUSE 15 Security Update : php7-pear (openSUSE-SU-2021:1267-1)
2021-09-16 00:00:00
alpinelinux
alpinelinux
openvas
openvas
Debian: Security Advisory (DLA-2621-1)
2021-04-09 00:00:00
Huawei EulerOS: Security Advisory for php-pear (EulerOS-SA-2021-1884)
2021-05-19 00:00:00
Fedora: Security Advisory for drupal7 (FEDORA-2021-0c013f520c)
2021-10-02 00:00:00
archlinux
archlinux
[ASA-202102-7] nextcloud: directory traversal
2021-02-06 00:00:00
debian
debian
[SECURITY] [DLA 2621-1] php-pear security update
2021-04-08 16:30:27
[SECURITY] [DSA 4894-1] php-pear security update
2021-04-20 18:12:17
[SECURITY] [DLA-2530-1] drupal7 security update
2021-01-21 20:00:27
osv
osv
CVE-2020-36193
2021-01-18 20:15:12
Directory Traversal in Archive_Tar
2021-04-22 16:20:36
BIT-drupal-2020-36193
2024-03-06 10:55:50
nvd
nvd
cve
cve
ubuntucve
ubuntucve
github
github
Directory Traversal in Archive_Tar
2021-04-22 16:20:36
Deserialization of Untrusted Data in Archive_Tar
2021-04-22 16:20:50
Drupal core Arbitrary PHP code execution
2024-05-15 20:50:24
attackerkb
attackerkb
prion
prion
Directory traversal
2021-01-18 20:15:00
Code injection
2020-11-19 19:15:00
Design/Logic Flaw
2021-07-30 14:15:00
cvelist
cvelist
almalinux
almalinux
Moderate: php:7.4 security update
2022-09-15 00:00:00
redhat
redhat
(RHSA-2022:7340) Moderate: php-pear security update
2022-11-02 16:04:25
(RHSA-2022:6541) Moderate: php:7.4 security update
2022-09-15 08:06:49
(RHSA-2022:6542) Moderate: php:7.4 security update
2022-09-15 08:06:55
oraclelinux
oraclelinux
php:7.4 security update
2022-09-16 00:00:00
php-pear security update
2022-11-03 00:00:00
rocky
rocky
php:7.4 security update
2022-09-15 08:06:55
gentoo
gentoo
PEAR Archive_Tar: Directory traversal
2021-01-26 00:00:00
suse
suse
Security update for php7-pear (important)
2021-09-13 00:00:00
Security update for php7 (important)
2021-08-30 00:00:00
Security update for php7-pear (important)
2021-09-15 00:00:00
mageia
mageia
Updated php-pear packages fix a security vulnerability
2021-02-01 00:34:26
Updated php-pear packages fix security vulnerabilities
2020-12-08 13:40:32
veracode
veracode
Directory Traversal
2021-01-19 01:26:39
Remote Code Execution
2020-11-20 12:01:46
fedora
fedora
[SECURITY] Fedora 34 Update: drupal7-7.82-1.fc34
2021-09-19 04:48:53
[SECURITY] Fedora 35 Update: drupal7-7.82-1.fc35
2021-09-24 20:51:51
[SECURITY] Fedora 32 Update: php-pear-1.10.12-5.fc32
2021-01-27 04:11:59
debiancve
debiancve
CVE-2020-28948
2020-11-19 19:15:11
CVE-2021-32610
2021-07-30 14:15:16
drupal
drupal
Drupal core - Critical - Third-party libraries - SA-CORE-2021-001
2021-01-20 00:00:00
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013
2020-11-25 00:00:00
amazon
amazon
Important: php-pear
2021-02-17 18:11:00
Medium: php7-pear
2021-02-16 00:13:00
Medium: php-pear
2021-09-08 23:35:00
checkpoint_advisories
checkpoint_advisories
PHP Archive_Tar Directory Traversal (CVE-2020-36193)
2022-11-23 00:00:00
PEAR Archive Tar Insecure Deserialization Code Execution (CVE-2020-28948)
2022-10-18 00:00:00
friendsofphp
friendsofphp
ibm
ibm
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Php Archive Tar
2021-05-24 15:36:16
Exploit for Deserialization of Untrusted Data in Php Archive Tar
2020-11-27 11:21:46
cisa_kev
cisa_kev
PEAR Archive_Tar Improper Link Resolution Vulnerability
2022-08-25 00:00:00
redhatcve
redhatcve
ubuntu
ubuntu
PEAR vulnerability
2021-02-08 00:00:00
PEAR vulnerabilities
2020-12-01 00:00:00
thn
thn
15-Year-Old Bug in PEAR PHP Repository Could've Enabled Supply Chain Attacks
2022-04-02 05:17:00
CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog
2022-08-29 04:23:00
f5
f5
K58581302 : Archive_Tar vulnerabilities CVE-2020-28948 and CVE-2020-28949
2020-12-03 00:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.882 High
EPSS
Percentile
98.7%
Related for DEBIANCVE:CVE-2020-36193