Description: Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
The **CVSS Base Score** is a score from **0 to 10** that represents the intrinsic severity of a vulnerability. A higher score indicates greater severity.
Database CWE: v4.18
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') ↗
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-59: Improper Link Resolution Before File Access ('Link Following') ↗
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Fonte: MITRE CWE
The **EPSS (Exploit Prediction Scoring System)** is a score from **0 to 1** that indicates the **probability** that a vulnerability will be exploited in the real world in the next 30 days. A higher value indicates a greater likelihood of exploitation.
The **Percentile** indicates how much higher this vulnerability's EPSS score is compared to all other vulnerabilities in the EPSS database. For example, a percentile of 0.90 (90%) means that 90% of vulnerabilities have an EPSS score equal to or lower than the current one.
*Data updated as of: 2025-12-22
The **CISA KEV Catalog** lists vulnerabilities that have been **actively exploited in the real world**. If a CVE is present in this catalog, it indicates that the threat is immediate and mitigation should be a top priority.
CVE **CVE-2020-36193** **IS PRESENT** in the CISA KEV Catalog!
No results found on GitHub for this CVE.