Directory Traversal in Archive_Tar
High severity
GitHub Reviewed
Published Apr 22, 2021 to the GitHub Advisory Database • Updated Jul 5, 2023
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
❗ Note:
There was an initial fix for this vulnerability made in version 1.4.12. That fix introduced a bug which was fixed in 1.4.13. Therefore we have set the first-patched-version to 1.4.13, which is the earliest working version that avoids this vulnerability.
References