PatchSiren

PEAR CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited PEAR CVE published 2022-08-25

CVE-2020-36193

CVE-2020-36193 affects PEAR Archive_Tar and is described as an improper link resolution vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2022-08-25, which means organizations should treat it as an active security concern and prioritize remediation. The supplied corpus points to a vendor fix commit and downstream advisories, but does not include fixed-version details inline.

Known exploited PEAR CVE published 2022-08-25

CVE-2020-28949

CVE-2020-28949 affects PEAR Archive_Tar and is listed in CISA’s Known Exploited Vulnerabilities catalog. Based on the supplied corpus, the safe defensive posture is to treat affected deployments as urgent remediation items, especially where Archive_Tar processes untrusted archive content.

CRITICAL PEAR CVE published 2017-02-06

CVE-2017-5677

CVE-2017-5677 is a critical vulnerability in PEAR HTML_AJAX versions 0.3.0 through 0.5.7. The issue is described as a PHP object injection problem in the PHP serializer, with remote code execution as the stated impact. NVD rates the issue 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), so exposed instances should be treated as urgent.