CVE-2024-2756
- EPSS 6.49%
- Published 29.04.2024 04:15:07
- Last modified 04.11.2025 18:16:18
Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applic...
CVE-2021-32610
- EPSS 2.98%
- Published 30.07.2021 14:15:16
- Last modified 21.11.2024 06:07:22
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
CVE-2020-36193
- EPSS 72.18%
- Published 18.01.2021 20:15:12
- Last modified 07.11.2025 22:03:02
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
CVE-2020-28948
- EPSS 73.73%
- Published 19.11.2020 19:15:11
- Last modified 21.11.2024 05:23:21
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
CVE-2020-28949
- EPSS 92.96%
- Published 19.11.2020 19:15:11
- Last modified 07.11.2025 22:03:27
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.