CISA KEV Information
| Vulnerability name | PEAR Archive_Tar Improper Link Resolution Vulnerability |
|---|---|
| Description | PEAR Archive_Tar Tar.php allows write operations with directory traversal due to inadequate checking of symbolic links. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux. |
| Required action | Apply updates per vendor instructions. |
| Known ransomware campaign use | Unknown |
| CWE | CWE-22, CWE-59 |
| Date added (KEV) | 2022-08-25 |
| Due date | 2022-09-15 |
| Additional notes | https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916, https://www.drupal.org/sa-core-2021-001, https://access.redhat.com/security/cve/cve-2020-36193; https://nvd.nist.gov/vuln/detail/CVE-2020-36193 |
NVD Details
CVSS v3.1: 7.5 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v2.0: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Description: Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
CWE: CWE-22 | CWE-59
References
- https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916 [Patch]
- https://lists.debian.org/debian-lts-announce/2021/01/msg00018.html [Mailing List, Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2021/04/msg00007.html [Mailing List, Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/ [Broken Link]
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2/ [Broken Link]
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/ [Broken Link]
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH/ [Broken Link]
- https://security.gentoo.org/glsa/202101-23 [Third Party Advisory]
- https://www.debian.org/security/2021/dsa-4894 [Third Party Advisory]
- https://www.drupal.org/sa-core-2021-001 [Third Party Advisory]
- ... and 6 more
This product uses the NVD API but is not endorsed or certified by the NVD.