VulnerableCode Package Details - pkg:composer/pear/archive

Search for packages

Vulnerability	Summary	Fixed by
VCID-tk1v-t2e5-jqae Aliases: CVE-2021-32610 GHSA-p8q8-jfcv-g2h2	Improper Link Resolution Before File Access In Archive_Tar, symlinks can refer to targets outside of the extracted archive.	1.4.14 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-tk1v-t2e5-jqae
Aliases:
CVE-2021-32610
GHSA-p8q8-jfcv-g2h2

Improper Link Resolution Before File Access In Archive_Tar, symlinks can refer to targets outside of the extracted archive.

1.4.14
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-kc7d-5k6x-77bp	Directory Traversal in Archive_Tar Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. ### :exclamation: Note: There was an [initial fix](https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916) for this vulnerability made in version `1.4.12`. That fix introduced a bug which was [fixed in 1.4.13](https://github.com/pear/Archive_Tar/pull/36). Therefore we have set the first-patched-version to `1.4.13` which the earliest working version that avoids this vulnerability.	CVE-2020-36193 GHSA-rpw6-9xfx-jvcx

Vulnerability

Summary

Aliases

VCID-kc7d-5k6x-77bp

Directory Traversal in Archive_Tar Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. ### :exclamation: Note: There was an [initial fix](https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916) for this vulnerability made in version `1.4.12`. That fix introduced a bug which was [fixed in 1.4.13](https://github.com/pear/Archive_Tar/pull/36). Therefore we have set the first-patched-version to `1.4.13` which the earliest working version that avoids this vulnerability.

CVE-2020-36193
GHSA-rpw6-9xfx-jvcx

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:27:53.204342+00:00	GitLab Importer	Affected by	VCID-tk1v-t2e5-jqae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2021-32610.yml	38.4.0
2026-04-16T21:21:33.584203+00:00	GitLab Importer	Fixing	VCID-kc7d-5k6x-77bp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2020-36193.yml	38.4.0
2026-04-11T22:40:50.175936+00:00	GitLab Importer	Affected by	VCID-tk1v-t2e5-jqae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2021-32610.yml	38.3.0
2026-04-11T22:34:02.683156+00:00	GitLab Importer	Fixing	VCID-kc7d-5k6x-77bp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2020-36193.yml	38.3.0
2026-04-02T22:51:18.685783+00:00	GitLab Importer	Affected by	VCID-tk1v-t2e5-jqae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2021-32610.yml	38.1.0
2026-04-02T22:45:08.297621+00:00	GitLab Importer	Fixing	VCID-kc7d-5k6x-77bp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2020-36193.yml	38.1.0
2026-04-02T16:56:31.264576+00:00	GHSA Importer	Fixing	VCID-kc7d-5k6x-77bp	https://github.com/advisories/GHSA-rpw6-9xfx-jvcx	38.1.0
2026-04-01T17:09:23.220484+00:00	GitLab Importer	Affected by	VCID-tk1v-t2e5-jqae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2021-32610.yml	38.0.0
2026-04-01T17:03:06.405402+00:00	GitLab Importer	Fixing	VCID-kc7d-5k6x-77bp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pear/archive_tar/CVE-2020-36193.yml	38.0.0
2026-04-01T13:00:49.811925+00:00	GithubOSV Importer	Fixing	VCID-kc7d-5k6x-77bp	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-rpw6-9xfx-jvcx/GHSA-rpw6-9xfx-jvcx.json	38.0.0