IRONSMITHINTEL
HIGHCVSS7.5
|
Actively Exploited
|CISA KEV|CVE-2020-36193|Auth: none — unauthenticated|Reboot: required|Manual only

PEAR Archive_Tar Improper Link Resolution Vulnerability

PEAR Archive_Tar Tar.php allows write operations with directory traversal due to inadequate checking of symbolic links. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux.

Published Jan 18, 2021 · Updated May 16, 2026
Why patchRisk explained in plain English
Worst-case scenarioIf unpatched

A remote attacker, without authentication, can achieve partial data exposure, arbitrary modification of data. Federal agencies are required to remediate by 2022-09-15 under CISA BOD 22-01.

How the attack worksNo clicks needed

This is a Path Traversal (CWE-22) vulnerability in PEAR Archive_Tar. Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. Exploitation requires remote network access, low attack complexity, no authentication required, and no user interaction required.

📧

Phishing link

🖼

Malicious file

🔓

Server compromised

Am I affected?Quick check

Probably yes if any of these apply:

IT Security
Running archive tar: v ≤ 1.4.11; fedora: 32, 33, 34, 35; debian linux: 9.0, 10.0; drupal: 7.0 ≤ v < 7.78, 8.9.0 ≤ v < 8.9.13, 9.0.0 ≤ v < 9.0.11, 9.1.0 ≤ v < 9.1.3
Real-world incidentsWhat we've seen

CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2022-08-25 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2022-09-15.

How to patch

Manual remediation steps

Apply the Vendor Patch

This vulnerability is in the CISA Known Exploited Vulnerabilities catalog — apply the vendor's security update as soon as possible.

CISA required action: Apply updates per vendor instructions.

References

    1
    Vendor advisory: https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916, https://www.drupal.org/sa-core-2021-001, https://access.redhat.com/security/cve/cve-2020-36193
    1
    NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2020-36193
    1
    CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-36193
PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

CVE-2020-36193NVDVendor Advisory