VulnerableCode Package Details - pkg:deb/ubuntu/php-pear@1:1.10.9%2Bsubmodules%2Bnotgz-1ubuntu0.20.04.1

Search for packages

Package details: pkg:deb/ubuntu/php-pear@1:1.10.9%2Bsubmodules%2Bnotgz-1ubuntu0.20.04.1

Essentials
History (0)

purl	pkg:deb/ubuntu/php-pear@1:1.10.9%2Bsubmodules%2Bnotgz-1ubuntu0.20.04.1

Next non-vulnerable version	1:1.10.9+submodules+notgz-1ubuntu0.20.04.3
Latest non-vulnerable version	1:1.10.9+submodules+notgz-1ubuntu0.20.04.3
Risk	10.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-dfmf-642c-aaaf Aliases: CVE-2021-32610 GHSA-p8q8-jfcv-g2h2	In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.	1:1.10.9+submodules+notgz-1ubuntu0.20.04.3 Affected by 0 other vulnerabilities.
VCID-unxt-vez2-aaad Aliases: CVE-2020-36193 GHSA-rpw6-9xfx-jvcx	Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.	1:1.10.9+submodules+notgz-1ubuntu0.20.04.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-pk5w-rtgg-aaap	Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.	CVE-2020-28948 GHSA-jh5x-hfhg-78jq
VCID-xmkr-w4ma-aaan	Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.	CVE-2020-28949 GHSA-75c5-f4gw-38r9

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version