Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2020-36193

Published: 18/01/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Archive Tar

Vulnerability Summary

Tar.php in Archive_Tar up to and including 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

php archive tar

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

fedoraproject fedora 35

debian debian linux 9.0

debian debian linux 10.0

drupal drupal

Vendor Advisories

Debian CVElist Bug Report Logs: Disallow symlinks to out-of-path filenames (CVE-2020-36193)
Debian Bug report logs - #980428 Disallow symlinks to out-of-path filenames (CVE-2020-36193) Package: php-pear; Maintainer for php-pear is Debian PHP Maintainers <team+pkg-php@trackerdebianorg>; Source for php-pear is src:php-pear (PTS, buildd, popcon) Reported by: David Prévot <taffit@debianorg> Date: Tue, 19 Ja ...
Debian Security Advisories: DSA-4894-1 php-pear -- security update
It was discovered that the PEAR Archive_Tar package for handling tar files in PHP is prone to a directory traversal flaw due to inadequate checking of symbolic links For the stable distribution (buster), this problem has been fixed in version 1:1106+submodules+notgz-11+deb10u2 We recommend that you upgrade your php-pear packages For the detai ...
Red Hat: Moderate: php:7.4 security update
Synopsis Moderate: php:74 security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the php:74 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as ...
Red Hat: Moderate: php-pear security update
Synopsis Moderate: php-pear security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for php-pear is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a ...
Red Hat: Moderate: php:7.4 security update
Synopsis Moderate: php:74 security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the php:74 module is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Security ...
Amazon Linux 2: ALAS2-2021-1602
Tarphp in Archive_Tar through 1411 allows write operations with Directory Traversal due to inadequate checking of symbolic links (CVE-2020-36193) ...
Amazon Linux AMI: ALAS-2021-1481
Tarphp in Archive_Tar through 1411 allows write operations with Directory Traversal due to inadequate checking of symbolic links (<a href="nvdnistgov/vuln/detail/CVE%2D2020%2D36193">cve-2020-36193</a>) ...
Arch Linux Issues:
Tarphp in Archive_Tar through 1411 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948 ...

References

CWE-22CWE-59https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916https://lists.debian.org/debian-lts-announce/2021/01/msg00018.htmlhttps://security.gentoo.org/glsa/202101-23https://www.drupal.org/sa-core-2021-001https://lists.debian.org/debian-lts-announce/2021/04/msg00007.htmlhttps://www.debian.org/security/2021/dsa-4894https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980428https://www.debian.org/security/2021/dsa-4894
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook