Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/pear/archive_tar@1.4.12
purl pkg:composer/pear/archive_tar@1.4.12
Next non-vulnerable version 1.4.14
Latest non-vulnerable version 1.4.14
Risk 10.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-kc7d-5k6x-77bp
Aliases:
CVE-2020-36193
GHSA-rpw6-9xfx-jvcx
Directory Traversal in Archive_Tar Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. ### :exclamation: Note: There was an [initial fix](https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916) for this vulnerability made in version `1.4.12`. That fix introduced a bug which was [fixed in 1.4.13](https://github.com/pear/Archive_Tar/pull/36). Therefore we have set the first-patched-version to `1.4.13` which the earliest working version that avoids this vulnerability.
1.4.13
Affected by 1 other vulnerability.
VCID-tk1v-t2e5-jqae
Aliases:
CVE-2021-32610
GHSA-p8q8-jfcv-g2h2
Improper Link Resolution Before File Access In Archive_Tar, symlinks can refer to targets outside of the extracted archive.
1.4.14
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-v9v6-ae3e-g3hk Deserialization of Untrusted Data in Archive_Tar Archive_Tar through 1.4.10 allows an unserialization attack because `phar:` is blocked but `PHAR:` is not blocked. See: https://github.com/pear/Archive_Tar/issues/33 CVE-2020-28948
GHSA-jh5x-hfhg-78jq

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:27:53.200948+00:00 GitLab Importer Affected by VCID-tk1v-t2e5-jqae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2021-32610.yml 38.4.0
2026-04-16T21:21:33.580890+00:00 GitLab Importer Affected by VCID-kc7d-5k6x-77bp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2020-36193.yml 38.4.0
2026-04-11T22:40:50.172376+00:00 GitLab Importer Affected by VCID-tk1v-t2e5-jqae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2021-32610.yml 38.3.0
2026-04-11T22:34:02.679447+00:00 GitLab Importer Affected by VCID-kc7d-5k6x-77bp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2020-36193.yml 38.3.0
2026-04-02T22:51:18.682528+00:00 GitLab Importer Affected by VCID-tk1v-t2e5-jqae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2021-32610.yml 38.1.0
2026-04-02T22:45:08.294168+00:00 GitLab Importer Affected by VCID-kc7d-5k6x-77bp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2020-36193.yml 38.1.0
2026-04-02T12:37:39.791387+00:00 GitLab Importer Fixing VCID-v9v6-ae3e-g3hk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2020-28948.yml 38.0.0
2026-04-01T17:09:23.216775+00:00 GitLab Importer Affected by VCID-tk1v-t2e5-jqae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2021-32610.yml 38.0.0
2026-04-01T17:03:06.402010+00:00 GitLab Importer Affected by VCID-kc7d-5k6x-77bp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2020-36193.yml 38.0.0