Description
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
A flaw was found in the Archive_Tar package. Because symbolic links are inadequately checked, Archive_Tar could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to the Tar.php script containing "dot dot" sequences (/../) to modify arbitrary files on the system.
Statement
php-pear 7.2 and 7.3 had been marked End of Life at the time this CVE was released. Therefore, no patches will be made available for those versions.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | php-pear | Out of support scope |  |  |
Red Hat Enterprise Linux 8 | php:7.2/php-pear | Will not fix |  |  |
Red Hat Enterprise Linux 8 | php:7.3/php-pear | Will not fix |  |  |
Red Hat Enterprise Linux 9 | php-pear | Not affected |  |  |
Red Hat Software Collections | rh-php73-php-pear | Will not fix |  |  |
Red Hat Enterprise Linux 7 | php-pear | Fixed | RHSA-2022:7340 | 02.11.2022 |
Red Hat Enterprise Linux 8 | php | Fixed | RHSA-2022:6542 | 15.09.2022 |
Red Hat Enterprise Linux 8.4 Extended Update Support | php | Fixed | RHSA-2022:6541 | 15.09.2022 |
Additional information
CVSS3: 7.5 High