VulnerableCode Package Details - pkg:ebuild/dev-php/PEAR-Archive

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-gbz5-5frj-hber	Multiple vulnerabilities through filename manipulation in Archive_Tar Archive_Tar through 1.4.10 has `://` filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as `file://` to overwrite files) can still succeed. See: https://github.com/pear/Archive_Tar/issues/33	CVE-2020-28949 GHSA-75c5-f4gw-38r9
VCID-kc7d-5k6x-77bp	Directory Traversal in Archive_Tar Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. ### :exclamation: Note: There was an [initial fix](https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916) for this vulnerability made in version `1.4.12`. That fix introduced a bug which was [fixed in 1.4.13](https://github.com/pear/Archive_Tar/pull/36). Therefore we have set the first-patched-version to `1.4.13` which the earliest working version that avoids this vulnerability.	CVE-2020-36193 GHSA-rpw6-9xfx-jvcx
VCID-v9v6-ae3e-g3hk	Deserialization of Untrusted Data in Archive_Tar Archive_Tar through 1.4.10 allows an unserialization attack because `phar:` is blocked but `PHAR:` is not blocked. See: https://github.com/pear/Archive_Tar/issues/33	CVE-2020-28948 GHSA-jh5x-hfhg-78jq

Vulnerability

Summary

Aliases

VCID-gbz5-5frj-hber

Multiple vulnerabilities through filename manipulation in Archive_Tar Archive_Tar through 1.4.10 has `://` filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as `file://` to overwrite files) can still succeed. See: https://github.com/pear/Archive_Tar/issues/33

CVE-2020-28949
GHSA-75c5-f4gw-38r9

VCID-kc7d-5k6x-77bp

Directory Traversal in Archive_Tar Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. ### :exclamation: Note: There was an [initial fix](https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916) for this vulnerability made in version `1.4.12`. That fix introduced a bug which was [fixed in 1.4.13](https://github.com/pear/Archive_Tar/pull/36). Therefore we have set the first-patched-version to `1.4.13` which the earliest working version that avoids this vulnerability.

CVE-2020-36193
GHSA-rpw6-9xfx-jvcx

VCID-v9v6-ae3e-g3hk

Deserialization of Untrusted Data in Archive_Tar Archive_Tar through 1.4.10 allows an unserialization attack because `phar:` is blocked but `PHAR:` is not blocked. See: https://github.com/pear/Archive_Tar/issues/33

CVE-2020-28948
GHSA-jh5x-hfhg-78jq

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:02:17.419813+00:00	Gentoo Importer	Fixing	VCID-kc7d-5k6x-77bp	https://security.gentoo.org/glsa/202101-23	38.0.0
2026-04-01T13:02:17.409302+00:00	Gentoo Importer	Fixing	VCID-gbz5-5frj-hber	https://security.gentoo.org/glsa/202101-23	38.0.0
2026-04-01T13:02:17.399863+00:00	Gentoo Importer	Fixing	VCID-v9v6-ae3e-g3hk	https://security.gentoo.org/glsa/202101-23	38.0.0