An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path.
{
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "3.0.0"
},
{
"last_affected": "3.10.6"
},
{
"introduced": "4.0.0"
},
{
"last_affected": "4.1.0"
}
],
"cpe": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*"
}