Search for packages
| purl | pkg:deb/debian/php-pear@1:1.10.12%2Bsubmodules%2Bnotgz%2B20210212-1 |
| Next non-vulnerable version | 1:1.10.13+submodules+notgz+2022032202-2 |
| Latest non-vulnerable version | 1:1.10.13+submodules+notgz+2022032202-2 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-yga4-4bg7-97ew
Aliases: CVE-2021-32610 GHSA-p8q8-jfcv-g2h2 |
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1skm-sxkd-fqay | Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. |
CVE-2020-36193
GHSA-rpw6-9xfx-jvcx |
| VCID-29b3-euu3-tbdk | Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. |
CVE-2020-28948
GHSA-jh5x-hfhg-78jq |
| VCID-zm7q-katz-bue7 | Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. |
CVE-2020-28949
GHSA-75c5-f4gw-38r9 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T20:02:09.909596+00:00 | Debian Oval Importer | Fixing | VCID-zm7q-katz-bue7 | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T19:32:48.438525+00:00 | Debian Oval Importer | Fixing | VCID-29b3-euu3-tbdk | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T12:31:04.130216+00:00 | Debian Importer | Affected by | VCID-yga4-4bg7-97ew | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |
| 2025-08-01T11:49:09.540201+00:00 | Debian Oval Importer | Fixing | VCID-1skm-sxkd-fqay | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |