Описание
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-apps/xenial | released | 7.44-1ubuntu1~16.04.0+esm2 |
| esm-infra-legacy/trusty | not-affected | 7.26-1ubuntu0.1+esm2 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE | |
| impish | DNE | |
| jammy | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:1.10.5+submodules+notgz-1ubuntu1.18.04.2 |
| devel | released | 1:1.10.9+submodules+notgz-1ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 1:1.10.5+submodules+notgz-1ubuntu1.18.04.2 |
| esm-infra/focal | not-affected | 1:1.10.9+submodules+notgz-1ubuntu0.20.04.1 |
| esm-infra/xenial | not-affected | 1:1.10.1+submodules+notgz-6ubuntu0.2 |
| focal | released | 1:1.10.9+submodules+notgz-1ubuntu0.20.04.1 |
| groovy | released | 1:1.10.9+submodules+notgz-1ubuntu0.20.10.1 |
| hirsute | released | 1:1.10.9+submodules+notgz-1ubuntu1 |
| impish | released | 1:1.10.9+submodules+notgz-1ubuntu1 |
Показывать по
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3
Связанные уязвимости
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
Archive_Tar through 1.4.10 has :// filename sanitization only to addre ...
Multiple vulnerabilities through filename manipulation in Archive_Tar
Уязвимость класса Archive_Tar библиотеки PHP классов PEAR, позволяющая нарушителю выполнить перезапись защищаемых файлов
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3