CVE-2021-32610
Description
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
Risk Information
Base Score
7.1
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
2.96
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| PHP Extension and Application Repository (USN-5027-1) php-pear_1.10.9+submodules+notgz-1.1ubuntu1.1_all.deb | Linux |
| PHP Extension and Application Repository (USN-5027-1) php-pear_1.10.5+submodules+notgz-1ubuntu1.18.04.4_all.deb | Linux |
| PHP Extension and Application Repository (USN-5027-1) php-pear_1.10.9+submodules+notgz-1ubuntu0.20.04.3_all.deb | Linux |
| php:7.4 security, bug fix, and enhancement update (RLSA-2022:7628) php-json-7.4.30-1.module+el8.7.0+1067+0a7071cc.x86_64.rpm | Linux |
| php:7.4 security, bug fix, and enhancement update (RLSA-2022:7628) php-pear-1.10.13-1.module+el8.7.0+1067+0a7071cc.noarch.rpm | Linux |
| php:7.4 security, bug fix, and enhancement update (RLSA-2022:7628) php-xmlrpc-7.4.30-1.module+el8.7.0+1067+0a7071cc.x86_64.rpm | Linux |
| php:7.4 security, bug fix, and enhancement update (RLSA-2022:7628) php-pecl-xdebug-2.9.5-1.module+el8.4.0+415+e936cba3.x86_64.rpm | Linux |
| php-pear Security Update (ALAS-2021-1708) php-pear-1.10.12-9.amzn2.noarch.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234