Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
07 Nov 2023, 03:22
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
01 Jan 2022, 18:13
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/ - Mailing List, Third Party Advisory |
25 Sep 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Sep 2021, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | CWE-59 |
23 Apr 2021, 12:52
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/04/msg00007.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2/ - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2021/dsa-4894 - Third Party Advisory |
21 Apr 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Apr 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Jan 2021, 14:28
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH/ - Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202101-23 - Third Party Advisory | |
References | (CONFIRM) https://www.drupal.org/sa-core-2021-001 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/01/msg00018.html - Mailing List, Third Party Advisory |
28 Jan 2021, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Jan 2021, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Jan 2021, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Jan 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Jan 2021, 19:34
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-22 | |
References | (MISC) https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916 - Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:php:archive_tar:*:*:*:*:*:*:*:* |
18 Jan 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-18 20:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-36193
Mitre link : CVE-2020-36193
CVE.ORG link : CVE-2020-36193
JSON object : View
Products Affected
debian
- debian_linux
php
- archive_tar
drupal
- drupal
fedoraproject
- fedora