PHP Archive Tar
By the Year
In 2024 there have been 0 vulnerabilities in PHP Archive Tar. Archive Tar did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 2 | 7.30 |
2020 | 2 | 7.80 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Archive Tar vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent PHP Archive Tar Security Vulnerabilities
In Archive_Tar before 1.4.14, symlinks
CVE-2021-32610
7.1 - High
- July 30, 2021
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
insecure temporary file
Tar.php in Archive_Tar through 1.4.11
CVE-2020-36193
7.5 - High
- January 18, 2021
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
Directory traversal
Archive_Tar through 1.4.10
CVE-2020-28948
7.8 - High
- November 19, 2020
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
Marshaling, Unmarshaling
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files)
CVE-2020-28949
7.8 - High
- November 19, 2020
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
Injection