Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-36193

Опубликовано: 27 янв. 2021
Источник: redhat
CVSS3: 7.5
EPSS Высокий

Описание

Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

A flaw was found in the Archive_Tar package. Archive_Tar could allow a remote attacker to traverse directories on the system caused by inadequate checking of symbolic links. An attacker could send a specially-crafted URL request to the Tar.php script containing "dot dot" sequences (/../) to modify arbitrary files on the system.

Отчет

php-pear 7.2 and 7.3 have been marked End of Life at the time this CVE was released. Therefore no patches would be made available for those versions.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6php-pearOut of support scope
Red Hat Enterprise Linux 8php:7.2/php-pearWill not fix
Red Hat Enterprise Linux 8php:7.3/php-pearWill not fix
Red Hat Enterprise Linux 9php-pearNot affected
Red Hat Software Collectionsrh-php73-php-pearWill not fix
Red Hat Enterprise Linux 7php-pearFixedRHSA-2022:734002.11.2022
Red Hat Enterprise Linux 8phpFixedRHSA-2022:654215.09.2022
Red Hat Enterprise Linux 8.4 Extended Update SupportphpFixedRHSA-2022:654115.09.2022

Показывать по

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-22
https://bugzilla.redhat.com/show_bug.cgi?id=1942961Archive_Tar: directory traversal due to inadequate checking of symbolic links

EPSS

Процентиль: 99%
0.76272
Высокий

7.5 High

CVSS3

Связанные уязвимости

CVSS3: 7.5
ubuntu
больше 4 лет назад

Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

CVSS3: 7.5
nvd
больше 4 лет назад

Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

CVSS3: 7.5
debian
больше 4 лет назад

Tar.php in Archive_Tar through 1.4.11 allows write operations with Dir ...

suse-cvrf
почти 4 года назад

Security update for php7-pear

suse-cvrf
почти 4 года назад

Security update for php7

EPSS

Процентиль: 99%
0.76272
Высокий

7.5 High

CVSS3