PEAR CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited PEAR CVE published 2022-08-25

CVE-2020-36193

CVE-2020-36193 affects PEAR Archive_Tar and is described as an improper link resolution vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2022-08-25, which means organizations should treat it as an active security concern and prioritize remediation. The supplied corpus points to a vendor fix commit and downstream advisories, but does not include fixed-version details in-line.

Known exploited PEAR CVE published 2022-08-25

CVE-2020-28949

CVE-2020-28949 affects PEAR Archive_Tar and is listed in CISA’s Known Exploited Vulnerabilities catalog. Based on the supplied corpus, the safe defensive posture is to treat affected deployments as urgent remediation items, especially where Archive_Tar processes untrusted archive content.