Vulnerability in N/a
CVE-2021-32610
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
EPSS: 0.734 (99.4th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
References
- www.drupal.org/sa-core-2021-004 (x_refsource_CONFIRM)
- [debian-lts-announce] 20210726 [SECURITY] [DLA 2721-1] drupal7 security update (mailing-list, x_refsource_MLIST)
- github.com/pear/Archive_Tar/releases/tag/1.4.14 (x_refsource_MISC)
- github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f (x_refsource_MISC)
- FEDORA-2021-6cf271948a (vendor-advisory, x_refsource_FEDORA)
- FEDORA-2021-c9c1f6e5c7 (vendor-advisory, x_refsource_FEDORA)
- github.com/pear/Archive_Tar/commit/7789ebb2f34f9e4adb3a4152ad0d1548930a9755 (x_refsource_MISC)
- FEDORA-2021-8093e197f4 (vendor-advisory, x_refsource_FEDORA)
- FEDORA-2021-0c013f520c (vendor-advisory, x_refsource_FEDORA)
Frequently asked questions
- What is CVE-2021-32610?
- CVE-2021-32610 is a vulnerability in N/a. Published 2021-07-27.
- Is CVE-2021-32610 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.