CVE-2024-2756
- EPSS 7.14%
- Published 29.04.2024 04:15:07
- Last modified 13.02.2025 18:17:57
Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applic...
CVE-2021-32610
- EPSS 3.05%
- Published 30.07.2021 14:15:16
- Last modified 21.11.2024 06:07:22
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
CVE-2020-36193
- EPSS 86.02%
- Published 18.01.2021 20:15:12
- Last modified 03.04.2025 19:44:16
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
CVE-2020-28948
- EPSS 76.87%
- Published 19.11.2020 19:15:11
- Last modified 21.11.2024 05:23:21
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
CVE-2020-28949
- EPSS 93.06%
- Published 19.11.2020 19:15:11
- Last modified 07.03.2025 17:12:53
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.