Описание
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| drupal7 | removed | package | ||
| php-pear | fixed | 1:1.10.13+submodules+notgz-1 | package | |
| php-pear | no-dsa | bullseye | package | |
| php-pear | no-dsa | buster | package | |
| php-pear | no-dsa | stretch | package |
Примечания
https://www.drupal.org/sa-core-2021-004
https://pear.php.net/package/Archive_Tar/download/1.4.14/
https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f61ca26bf7d4 (1.4.14)
EPSS
Связанные уязвимости
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
EPSS