CVE-2020-36193 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Directory traversal
Description	Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1464	nextcloud	20.0.5-2	20.0.6-1	Medium	Fixed
AVG-1463	drupal	9.0.6-2	9.1.7-1	Critical	Fixed

Date	Advisory	Group	Package	Severity	Type
06 Feb 2021	ASA-202102-7	AVG-1464	nextcloud	Medium	directory traversal

References
https://pear.php.net/bugs/bug.php?id=27008 https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916 https://github.com/nextcloud/3rdparty/commit/87062377878054f58d62f6b1853ed61664404de6 https://github.com/nextcloud/3rdparty/commit/4f95d388e0888c130316c2a21f160d553219ea48

References

https://pear.php.net/bugs/bug.php?id=27008
https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916
https://github.com/nextcloud/3rdparty/commit/87062377878054f58d62f6b1853ed61664404de6
https://github.com/nextcloud/3rdparty/commit/4f95d388e0888c130316c2a21f160d553219ea48