VulnerableCode Package Details - pkg:apk/alpine/drupal7@7.75-r0?arch=armhf&distroversion=v3.12&reponame=community

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apk/alpine/drupal7@7.75-r0?arch=armhf&distroversion=v3.12&reponame=community

purl	pkg:apk/alpine/drupal7@7.75-r0?arch=armhf&distroversion=v3.12&reponame=community

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-gbz5-5frj-hber	Multiple vulnerabilities through filename manipulation in Archive_Tar Archive_Tar through 1.4.10 has `://` filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as `file://` to overwrite files) can still succeed. See: https://github.com/pear/Archive_Tar/issues/33	CVE-2020-28949 GHSA-75c5-f4gw-38r9
VCID-v9v6-ae3e-g3hk	Deserialization of Untrusted Data in Archive_Tar Archive_Tar through 1.4.10 allows an unserialization attack because `phar:` is blocked but `PHAR:` is not blocked. See: https://github.com/pear/Archive_Tar/issues/33	CVE-2020-28948 GHSA-jh5x-hfhg-78jq

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T19:08:18.447762+00:00	Alpine Linux Importer	Fixing	VCID-v9v6-ae3e-g3hk	https://secdb.alpinelinux.org/v3.12/community.json	38.0.0
2026-04-01T18:56:09.474234+00:00	Alpine Linux Importer	Fixing	VCID-gbz5-5frj-hber	https://secdb.alpinelinux.org/v3.12/community.json	38.0.0