CVE-2021-21706 log

Severity Medium
Remote Yes
Type Directory traversal
A security issue has been found in PHP on Windows before versions 8.0.11 and 7.4.24. It is possible to construct ZIP archives containing files which are placed outside the destination directory given to ZipArchive::extractTo() because the implementation of php_zip_make_relative_path() doesn't properly cater to absolute directories on Windows; a path starting with a slash is not an absolute path on Windows, but rather a relative path pointing to the current volume.
Group Package Affected Fixed Severity Status Ticket
AVG-2421 php7 7.4.23-1 7.4.24-1 Medium Not affected
AVG-2420 php 8.0.10-1 8.0.11-1 Medium Not affected