PT-2021-4597 · Unknown+8 · Archive Tar+8

Jonathan Danaher +3 · Published 2021-01-18 · Updated 2025-11-07 · CVE-2020-36193

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Archive Tar versions 1.4.11 and earlier

Description
The vulnerability in the Archive Tar library's Tar.php file stems from improper link resolution: symbolic links are inadequately checked, which allows an attacker to affect data integrity through directory traversal.

Recommendations
For Archive Tar versions 1.4.11 and earlier, update to version 1.4.13 to resolve the issue. As a temporary workaround, consider restricting write operations to prevent directory traversal until the update is applied.

Exploit

Fix

Link Following

Path traversal

Weakness Enumeration

Related Identifiers

ALSA-2022:6542
BDU:2021-05279
BIT-DRUPAL-2020-36193
CESA-2022_6542
CVE-2020-36193
DLA-2530-1
DLA-2621-1
DSA-4894-1
GHSA-RPW6-9XFX-JVCX
MGASA-2021-0060
OPENSUSE-SU-2021:1267-1
OPENSUSE-SU-2021:2872-1
OPENSUSE-SU-2021:3018-1
OPENSUSE-SU-2021_1267-1
OPENSUSE-SU-2021_2872-1
OPENSUSE-SU-2021_3018-1
RHSA-2022:6541
RHSA-2022:6542
RHSA-2022:7340
RHSA-2022_6542
RHSA-2022_7340
RLSA-2022:6542
SUSE-SU-2021:2926-1
SUSE-SU-2021:3006-1
SUSE-SU-2021:3018-1
SUSE-SU-2021_2926-1
SUSE-SU-2021_3006-1
SUSE-SU-2021_3018-1
USN-4723-1

Affected Products

AlmaLinux
Archive Tar
Astra Linux
CentOS
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu