CVE-2020-36193

Опубликовано: 18 янв. 2021

Источник: debian

EPSS Высокий

Описание

Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
drupal7	removed			package
php-pear	fixed	1:1.10.12+submodules+notgz+20210212-1		package

Примечания

https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916
https://github.com/pear/Archive_Tar/commit/dc721bd8616e05ea89b7abcff4cf1e3e96963183
https://github.com/pear/Archive_Tar/commit/b6da5c32254162fa0752616479fb3d3c5297c1cf
https://github.com/pear/Archive_Tar/commit/7d8782d95f74b5889bfaaad43e74086f1918ec2b
https://www.drupal.org/sa-core-2021-001

EPSS

Процентиль: 99%

0.81263

Высокий

Связанные уязвимости

CVE-2020-36193

CVSS3: 7.5

ubuntu

больше 4 лет назад

Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

CVE-2020-36193

CVSS3: 7.5

redhat

больше 4 лет назад

Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

CVE-2020-36193

CVSS3: 7.5

nvd

больше 4 лет назад

Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

openSUSE-SU-2021:3018-1

suse-cvrf

почти 4 года назад

Security update for php7-pear

openSUSE-SU-2021:2872-1

suse-cvrf

почти 4 года назад

Security update for php7

EPSS

Процентиль: 99%

0.81263

Высокий