VulnerableCode Package Details - pkg:alpm/archlinux/nextcloud@20.0.5-2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:alpm/archlinux/nextcloud@20.0.5-2

Essentials
History (2)

purl	pkg:alpm/archlinux/nextcloud@20.0.5-2

Next non-vulnerable version	20.0.6-1
Latest non-vulnerable version	22.2.0-1
Risk	10.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-kc7d-5k6x-77bp Aliases: CVE-2020-36193 GHSA-rpw6-9xfx-jvcx	Directory Traversal in Archive_Tar Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. ### :exclamation: Note: There was an [initial fix](https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916) for this vulnerability made in version `1.4.12`. That fix introduced a bug which was [fixed in 1.4.13](https://github.com/pear/Archive_Tar/pull/36). Therefore we have set the first-patched-version to `1.4.13` which the earliest working version that avoids this vulnerability.	20.0.6-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-06T05:35:35.128735+00:00	Arch Linux Importer	Affected by	VCID-kc7d-5k6x-77bp	https://security.archlinux.org/AVG-1464	38.1.0
2026-04-01T18:26:55.942329+00:00	Arch Linux Importer	Affected by	VCID-kc7d-5k6x-77bp	https://security.archlinux.org/AVG-1464	38.0.0