GHSA-p8q8-jfcv-g2h2

Suggest an improvement
Source
https://github.com/advisories/GHSA-p8q8-jfcv-g2h2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-p8q8-jfcv-g2h2/GHSA-p8q8-jfcv-g2h2.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-p8q8-jfcv-g2h2
Aliases
Published
2021-08-09T20:40:06Z
Modified
2024-02-17T05:35:48.258979Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
Directory Traversal in Archive_Tar
Details

In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.

References

Affected packages

Packagist / pear/archive_tar

Package

Name
pear/archive_tar
Purl
pkg:composer/pear/archive_tar

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.14

Affected versions

1.*

1.3.11
1.3.12
1.3.13
1.3.14
1.3.15
1.3.16
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.4.10
1.4.11
1.4.12
1.4.13