3 matches found
CVE-2020-28949
CVE-2020-28949 affects PEAR Archive_Tar (v1.4.10 and earlier). The issue is that Archive_Tar’s filename sanitization only addressed phar attacks; other stream-wrapper attacks (e.g., file://) can overwrite files, enabling potential arbitrary file writes. Affected ecosystem includes PHP-pear compon...
CVE-2021-32610
Archive_Tar (PHP PEAR) is affected by CVE-2021-32610: in versions before 1.4.14, symlinks can point outside the extracted archive, enabling potential path traversal. This is described as a separate issue from CVE-2020-36193. The available connected documents identify affected component (Archive_Tar) and...
CVE-2020-28948
CVE-2020-28948 affects Archive_Tar (PHP PEAR) up to version 1.4.10/1.4.11, where an unserialization flaw occurs because phar: is blocked but PHAR: is not blocked. This can enable write operations via directory traversal when processing crafted archives (documented as a related vulnerability to CV...