In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, pharparsezipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
{ "cpes": [ "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*" ], "severity": "Medium" }