OSV: GHSA-75C5-F4GW-38R9
Apr 22, 2021 - 4:20 p.m.

Multiple vulnerabilities through filename manipulation in Archive_Tar

2021-04-22 16:20:59
Google, osv.dev

EPSS: 0.944 (percentile: 99.3%)

Archive_Tar through 1.4.10 sanitizes :// in filenames only to address phar attacks, so any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. See: https://github.com/pear/Archive_Tar/issues/33
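The gap described above, as an added example that is not Archive_Tar's own code: a phar-only filename check next to one that rejects any scheme:// prefix, run over constructed member names. The function names are hypothetical, and the stricter check goes slightly beyond the advisory by also rejecting absolute paths and ".." segments.

```php
<?php
// Added illustration; function names are hypothetical, not Archive_Tar's API.

// Weak form: only the phar wrapper is treated as dangerous.
function isPharOnlyBlocked(string $name): bool
{
    return stripos($name, 'phar://') === 0;
}

// Stricter form: reject any member name that could be read as a stream-wrapper
// URL, plus absolute paths and parent-directory traversal.
function isUnsafeMemberName(string $name): bool
{
    // URI scheme syntax followed by "://" covers phar://, file:// and any
    // other wrapper, without maintaining a list of wrapper names.
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $name) === 1) {
        return true;
    }
    // Empty names and absolute paths (POSIX or Windows style).
    if ($name === '' || $name[0] === '/' || $name[0] === '\\') {
        return true;
    }
    if (preg_match('#^[a-z]:#i', $name) === 1) {
        return true;
    }
    // Any ".." path segment, with either separator.
    foreach (preg_split('#[/\\\\]#', $name) as $segment) {
        if ($segment === '..') {
            return true;
        }
    }
    return false;
}

// Constructed sample member names (not taken from a real archive).
$names = [
    'docs/readme.txt',
    'phar://archive.phar/x',
    'file:///tmp/placeholder',
    'FILE:///tmp/placeholder',
    '../outside.txt',
];

foreach ($names as $n) {
    printf("%-26s phar-only=%-6s strict=%s\n", $n,
        isPharOnlyBlocked($n) ? 'reject' : 'accept',
        isUnsafeMemberName($n) ? 'reject' : 'accept');
}
```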

References