CVE-2020-36193

Known Exploited (CISA KEV)HIGH

7.5

CVSS Severity Score

EPSS Score56.0900%

EPSS Percentile97.66th

Published2021年1月18日

Last Modified2025年11月7日

Vulnerability Description

Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

Affected Platforms (CPE)

📦

Php

Archive Tar

<= 1.4.11

💻

Fedoraproject

Fedora

= 32

💻

Fedoraproject

Fedora

= 33

💻

Fedoraproject

Fedora

= 34

💻

Fedoraproject

Fedora

= 35

💻

Debian

Debian Linux

= 9.0

💻

Debian

Debian Linux

= 10.0

📦

Drupal

>= 7.0 and < 7.78

📦

Drupal

>= 8.9.0 and < 8.9.13

📦

Drupal

>= 9.0.0 and < 9.0.11

📦

Drupal

>= 9.1.0 and < 9.1.3

References & Advisories

🔗 https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916

🔗 https://lists.debian.org/debian-lts-announce/2021/01/msg00018.html

🔗 https://lists.debian.org/debian-lts-announce/2021/04/msg00007.html

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2/

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH/

🔗 https://security.gentoo.org/glsa/202101-23

Vulnerability Description

Affected Platforms (CPE)

Archive Tar

Fedora

Fedora

Fedora

Fedora

Debian Linux

Debian Linux

Drupal

Drupal

Drupal

Drupal

References & Advisories

相关漏洞威胁