PHP Archive Tar
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in PHP Archive Tar.
By the Year
In 2026 there have been 0 vulnerabilities in PHP Archive Tar. Archive Tar did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 6.50 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 2 | 7.30 |
| 2020 | 2 | 7.80 |
It may take a day or so for new Archive Tar vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent PHP Archive Tar Security Vulnerabilities
PHP Cookie name flaw: insecure cookie treated as __Host-/__Secure-
CVE-2024-2756
6.5 - Medium
- April 29, 2024
Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.
Improper Input Validation
In Archive_Tar before 1.4.14, symlinks
CVE-2021-32610
7.1 - High
- July 30, 2021
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
insecure temporary file
Tar.php in Archive_Tar through 1.4.11
CVE-2020-36193
7.5 - High
- January 18, 2021
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
insecure temporary file
Archive_Tar through 1.4.10
CVE-2020-28948
7.8 - High
- November 19, 2020
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
Marshaling, Unmarshaling
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files)
CVE-2020-28949
7.8 - High
- November 19, 2020
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for PHP Archive Tar or by PHP? Click the Watch button to subscribe.
