archive_tar is vulnerable to directory traversal. The vulnerability exists due to the lack of sanitization of symbolic links to out-of-path filenames, allowing an attacker to inject ../ characters in a file or folder name to perform symlink attacks.

References

github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916

lists.debian.org/debian-lts-announce/2021/01/msg00018.html

lists.debian.org/debian-lts-announce/2021/04/msg00007.html

lists.fedoraproject.org/archives/list/[email protected]/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/

lists.fedoraproject.org/archives/list/[email protected]/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2/

lists.fedoraproject.org/archives/list/[email protected]/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/

lists.fedoraproject.org/archives/list/[email protected]/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH/

security.gentoo.org/glsa/202101-23

www.debian.org/security/2021/dsa-4894

www.drupal.org/sa-core-2021-001

openvas 19

mageia 1

suse 3

checkpoint_advisories 1

debian 4

amazon 3

nessus 36

drupal 1

friendsofphp 1

osv 11

fedora 4

ibm 1

thn 2

redhatcve 2

ubuntu 1

cisa_kev 1

alpinelinux 2

prion 2

debiancve 2

cvelist 2

nvd 2

archlinux 1

ubuntucve 2

attackerkb 2

github 2

cve 2

almalinux 1

redhat 3

rocky 1

gentoo 1

oraclelinux 2

openvas

Debian: Security Advisory (DSA-4894-1)

2021-04-21 00:00:00

openSUSE: Security Advisory for php7-pear (openSUSE-SU-2021:3018-1)

2021-09-14 00:00:00

Fedora: Security Advisory for php-pear (FEDORA-2021-dc7de65eed)

2021-01-29 00:00:00

mageia

Updated php-pear packages fix a security vulnerability

2021-02-01 00:34:26

suse

Security update for php7-pear (important)

2021-09-13 00:00:00

Security update for php7 (important)

2021-08-30 00:00:00

Security update for php7-pear (important)

2021-09-15 00:00:00

checkpoint_advisories

PHP Archive_Tar Directory Traversal (CVE-2020-36193)

2022-11-23 00:00:00

debian

[SECURITY] [DSA 4894-1] php-pear security update

2021-04-20 18:12:17

[SECURITY] [DLA-2530-1] drupal7 security update

2021-01-21 20:00:27

[SECURITY] [DSA 4894-1] php-pear security update

2021-04-20 18:12:17

amazon

Important: php-pear

2021-02-17 18:11:00

Medium: php7-pear

2021-02-16 00:13:00

Medium: php-pear

2021-09-08 23:35:00

nessus

Debian DLA-2530-1 : drupal7 security update

2021-01-22 00:00:00

Debian DSA-4894-1 : php-pear - security update

2021-04-21 00:00:00

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : PEAR vulnerability (USN-4723-1)

2021-02-08 00:00:00

drupal

Drupal core - Critical - Third-party libraries - SA-CORE-2021-001

2021-01-20 00:00:00

friendsofphp

Allows write operations with Directory Traversal due to inadequate checking of symbolic links

2021-01-18 00:00:00

osv

php-pear - security update

2021-04-20 00:00:00

drupal7 - security update

2021-01-21 00:00:00

php-pear - security update

2021-04-08 00:00:00

fedora

[SECURITY] Fedora 32 Update: php-pear-1.10.12-5.fc32

2021-01-27 04:11:59

[SECURITY] Fedora 33 Update: php-pear-1.10.12-5.fc33

2021-01-28 01:43:30

[SECURITY] Fedora 34 Update: drupal7-7.82-1.fc34

2021-09-19 04:48:53

ibm

Security Bulletin: IBM API Connect is impacted by a directory traversal vulnerability in Drupal core SA-CORE-2021-001 (CVE-2020-36193)

2021-04-06 21:28:54

thn

15-Year-Old Bug in PEAR PHP Repository Could've Enabled Supply Chain Attacks

2022-04-02 05:17:00

CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog

2022-08-29 04:23:00

redhatcve

CVE-2020-36193

2021-03-25 12:52:50

CVE-2021-32610

2021-07-30 20:19:56

ubuntu

PEAR vulnerability

2021-02-08 00:00:00

cisa_kev

PEAR Archive_Tar Improper Link Resolution Vulnerability

2022-08-25 00:00:00

alpinelinux

CVE-2020-36193

2021-01-18 20:15:12

CVE-2021-32610

2021-07-30 14:15:16

prion

Design/Logic Flaw

2021-07-30 14:15:00

Directory traversal

2021-01-18 20:15:00

debiancve

CVE-2020-36193

2021-01-18 20:15:12

CVE-2021-32610

2021-07-30 14:15:16

cvelist

CVE-2021-32610

2021-07-27 05:21:47

CVE-2020-36193

2021-01-18 19:24:18

nvd

CVE-2020-36193

2021-01-18 20:15:12

CVE-2021-32610

2021-07-30 14:15:16

archlinux

[ASA-202102-7] nextcloud: directory traversal

2021-02-06 00:00:00

ubuntucve

CVE-2021-32610

2021-07-27 00:00:00

CVE-2020-36193

2021-01-18 00:00:00

attackerkb

CVE-2021-32610

2021-07-30 00:00:00

CVE-2020-36193

2021-01-18 00:00:00

github

Directory Traversal in Archive_Tar

2021-04-22 16:20:36

Directory Traversal in Archive_Tar

2021-08-09 20:40:06

cve

CVE-2020-36193

2021-01-18 20:15:12

CVE-2021-32610

2021-07-30 14:15:16

almalinux

Moderate: php:7.4 security update

2022-09-15 00:00:00

redhat

(RHSA-2022:7340) Moderate: php-pear security update

2022-11-02 16:04:25

(RHSA-2022:6542) Moderate: php:7.4 security update

2022-09-15 08:06:55

(RHSA-2022:6541) Moderate: php:7.4 security update

2022-09-15 08:06:49

rocky

php:7.4 security update

2022-09-15 08:06:55

gentoo

PEAR Archive_Tar: Directory traversal

2021-01-26 00:00:00

oraclelinux

php:7.4 security update

2022-09-16 00:00:00

php-pear security update

2022-11-03 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.882

Percentile

98.7%

JSON

Related for VERACODE:29022