Archive Tar PHP Archive Tar

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in PHP Archive Tar.

By the Year

In 2024 there have been 0 vulnerabilities in PHP Archive Tar . Archive Tar did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 2 7.30
2020 2 7.80
2019 0 0.00
2018 0 0.00

It may take a day or so for new Archive Tar vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent PHP Archive Tar Security Vulnerabilities

In Archive_Tar before 1.4.14, symlinks

CVE-2021-32610 7.1 - High - July 30, 2021

In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.

insecure temporary file

Tar.php in Archive_Tar through 1.4.11

CVE-2020-36193 7.5 - High - January 18, 2021

Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

Directory traversal

Archive_Tar through 1.4.10

CVE-2020-28948 7.8 - High - November 19, 2020

Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.

Marshaling, Unmarshaling

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files)

CVE-2020-28949 7.8 - High - November 19, 2020

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.

Injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Canonical Ubuntu Linux or by PHP? Click the Watch button to subscribe.

PHP
Vendor

subscribe