Releases23
Frequency6 months 3 weeks
Last Release
Stars76

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
< 1.4.147.1 HIGH3.6 LOW

In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.

<= 1.4.117.5 HIGH5 MEDIUM

Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

< 1.4.117.8 HIGH6.8 MEDIUM

Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.

< 1.4.127.8 HIGH6.8 MEDIUM

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.