PHP Archive Tar

By the Year

In 2021 there has been 1 vulnerability in PHP Archive Tar, with an average score of 7.5 out of ten. Last year Archive Tar had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in Archive Tar in 2021 could surpass last year's number. Last year, the average CVE base score was greater by 0.30.

Year Vulnerabilities Average Score
2021 1 7.50
2020 2 7.80
2019 0 0.00
2018 0 0.00

It may take a day or so for new Archive Tar vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest PHP Archive Tar Security Vulnerabilities

Tar.php in Archive_Tar through 1.4.11

CVE-2020-36193 7.5 - High - January 18, 2021

Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

Directory traversal

Archive_Tar through 1.4.10

CVE-2020-28948 7.8 - High - November 19, 2020

Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.

Marshaling, Unmarshaling

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files)

CVE-2020-28949 7.8 - High - November 19, 2020

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.

Injection
