Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/pear/archive_tar@1.4.11
purl pkg:composer/pear/archive_tar@1.4.11
Next non-vulnerable version 1.4.14
Latest non-vulnerable version 1.4.14
Risk 10.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-kc7d-5k6x-77bp
Aliases:
CVE-2020-36193
GHSA-rpw6-9xfx-jvcx
Directory Traversal in Archive_Tar Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. ### :exclamation: Note: There was an [initial fix](https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916) for this vulnerability made in version `1.4.12`. That fix introduced a bug which was [fixed in 1.4.13](https://github.com/pear/Archive_Tar/pull/36). Therefore we have set the first-patched-version to `1.4.13` which the earliest working version that avoids this vulnerability.
1.4.13
Affected by 1 other vulnerability.
VCID-tk1v-t2e5-jqae
Aliases:
CVE-2021-32610
GHSA-p8q8-jfcv-g2h2
Improper Link Resolution Before File Access In Archive_Tar, symlinks can refer to targets outside of the extracted archive.
1.4.14
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-gbz5-5frj-hber Multiple vulnerabilities through filename manipulation in Archive_Tar Archive_Tar through 1.4.10 has `://` filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as `file://` to overwrite files) can still succeed. See: https://github.com/pear/Archive_Tar/issues/33 CVE-2020-28949
GHSA-75c5-f4gw-38r9
VCID-v9v6-ae3e-g3hk Deserialization of Untrusted Data in Archive_Tar Archive_Tar through 1.4.10 allows an unserialization attack because `phar:` is blocked but `PHAR:` is not blocked. See: https://github.com/pear/Archive_Tar/issues/33 CVE-2020-28948
GHSA-jh5x-hfhg-78jq

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:27:53.197629+00:00 GitLab Importer Affected by VCID-tk1v-t2e5-jqae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2021-32610.yml 38.4.0
2026-04-16T21:21:34.486503+00:00 GitLab Importer Fixing VCID-gbz5-5frj-hber https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2020-28949.yml 38.4.0
2026-04-16T21:21:33.577726+00:00 GitLab Importer Affected by VCID-kc7d-5k6x-77bp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2020-36193.yml 38.4.0
2026-04-11T22:40:50.168810+00:00 GitLab Importer Affected by VCID-tk1v-t2e5-jqae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2021-32610.yml 38.3.0
2026-04-11T22:34:03.610270+00:00 GitLab Importer Fixing VCID-gbz5-5frj-hber https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2020-28949.yml 38.3.0
2026-04-11T22:34:02.675740+00:00 GitLab Importer Affected by VCID-kc7d-5k6x-77bp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2020-36193.yml 38.3.0
2026-04-02T22:51:18.679256+00:00 GitLab Importer Affected by VCID-tk1v-t2e5-jqae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2021-32610.yml 38.1.0
2026-04-02T22:45:09.168577+00:00 GitLab Importer Fixing VCID-gbz5-5frj-hber https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2020-28949.yml 38.1.0
2026-04-02T22:45:08.290745+00:00 GitLab Importer Affected by VCID-kc7d-5k6x-77bp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2020-36193.yml 38.1.0
2026-04-02T16:56:31.354938+00:00 GHSA Importer Fixing VCID-gbz5-5frj-hber https://github.com/advisories/GHSA-75c5-f4gw-38r9 38.1.0
2026-04-02T16:56:31.310800+00:00 GHSA Importer Fixing VCID-v9v6-ae3e-g3hk https://github.com/advisories/GHSA-jh5x-hfhg-78jq 38.1.0
2026-04-02T16:56:31.261212+00:00 GHSA Importer Affected by VCID-kc7d-5k6x-77bp https://github.com/advisories/GHSA-rpw6-9xfx-jvcx 38.1.0
2026-04-01T17:09:23.213248+00:00 GitLab Importer Affected by VCID-tk1v-t2e5-jqae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2021-32610.yml 38.0.0
2026-04-01T17:03:07.371398+00:00 GitLab Importer Fixing VCID-gbz5-5frj-hber https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2020-28949.yml 38.0.0
2026-04-01T17:03:06.396900+00:00 GitLab Importer Affected by VCID-kc7d-5k6x-77bp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2020-36193.yml 38.0.0
2026-04-01T13:00:53.775242+00:00 GithubOSV Importer Fixing VCID-v9v6-ae3e-g3hk https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-jh5x-hfhg-78jq/GHSA-jh5x-hfhg-78jq.json 38.0.0
2026-04-01T13:00:43.252006+00:00 GithubOSV Importer Fixing VCID-gbz5-5frj-hber https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-75c5-f4gw-38r9/GHSA-75c5-f4gw-38r9.json 38.0.0