GoogleOSV:USN-5027-1

HistoryJul 29, 2021 - 4:35 p.m.

php-pear vulnerability

2021-07-2916:35:13

Google

osv.dev

pear

vulnerability

symbolic links

remote attacker

arbitrary code

software

AI Score

7.8

Confidence

High

EPSS

0.005

Percentile

77.1%

JSON

It was discovered that PEAR incorrectly handled symbolic links in archives.
A remote attacker could possibly use this issue to execute arbitrary code.

References

ubuntu.com/security/CVE-2021-32610

ubuntu.com/security/notices/USN-5027-1

nessus

Drupal 7.x < 7.82 / 8.9.x < 8.9.17 / 9.1.x < 9.1.11 / 9.2.x < 9.2.2 Drupal Vulnerability (SA-CORE-2021-004)

2021-07-22 00:00:00

Ubuntu 16.04 ESM : PEAR vulnerability (USN-5027-2)

2021-08-05 00:00:00

Ubuntu 18.04 LTS / 20.04 LTS : PEAR vulnerability (USN-5027-1)

2021-07-29 00:00:00

openvas

Drupal 7.x < 7.82, 8.0.x < 8.9.17, 9.x < 9.1.11, 9.2.x < 9.2.2 Archive_Tar library Vulnerability (SA-CORE-2021-004) - Windows

2021-07-22 00:00:00

Fedora: Security Advisory for php-pear (FEDORA-2021-6cf271948a)

2021-07-30 00:00:00

openSUSE: Security Advisory for php8 (SUSE-SU-2022:3198-2)

2024-03-04 00:00:00

osv

drupal7 - security update

2021-07-26 00:00:00

php-pear vulnerability

2021-08-04 13:09:44

Directory Traversal in Archive_Tar

2021-08-09 20:40:06

fedora

[SECURITY] Fedora 34 Update: php-pear-1.10.12-9.fc34

2021-07-30 01:02:14

[SECURITY] Fedora 33 Update: php-pear-1.10.12-9.fc33

2021-07-30 01:00:46

[SECURITY] Fedora 34 Update: drupal7-7.82-1.fc34

2021-09-19 04:48:53

mageia

Updated php-pear packages fix security vulnerability

2021-08-06 12:33:48

nextcloud

Nextcloud Server shipped insecure Archive_Tar version

2021-10-25 11:03:17

drupal

Drupal core - Critical - Drupal core - Critical - Third-party libraries - SA-CORE-2021-004

2021-07-21 00:00:00

ubuntu

PEAR vulnerability

2021-07-29 00:00:00

PEAR vulnerability

2021-08-04 00:00:00

ibm

Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal core (CVE-2021-32610)

2021-11-01 15:52:25

veracode

Directory Traversal

2021-07-22 08:18:53

debian

[SECURITY] [DLA 2721-1] drupal7 security update

2021-07-26 17:58:13

prion

Design/Logic Flaw

2021-07-30 14:15:00

cvelist

CVE-2021-32610

2021-07-27 05:21:47

nvd

CVE-2021-32610

2021-07-30 14:15:16

ubuntucve

CVE-2021-32610

2021-07-27 00:00:00

attackerkb

CVE-2021-32610

2021-07-30 00:00:00

debiancve

CVE-2021-32610

2021-07-30 14:15:16

redhatcve

CVE-2021-32610

2021-07-30 20:19:56

alpinelinux

CVE-2021-32610

2021-07-30 14:15:16

cve

CVE-2021-32610

2021-07-30 14:15:16

github

Directory Traversal in Archive_Tar

2021-08-09 20:40:06

amazon

Medium: php-pear

2021-09-08 23:35:00

oraclelinux

php:7.4 security, bug fix, and enhancement update

2022-11-15 00:00:00

rocky

php:7.4 security, bug fix, and enhancement update

2022-11-08 06:25:00

redhat

(RHSA-2022:7628) Moderate: php:7.4 security, bug fix, and enhancement update

2022-11-08 06:25:00

almalinux

Moderate: php:7.4 security, bug fix, and enhancement update

2022-11-08 00:00:00

php-pear vulnerability

References

Related