Path Traversal within joomla/archive tar class
High severity
GitHub Reviewed
Published
Mar 31, 2022
to the GitHub Advisory Database
•
Updated May 15, 2024
Package
Affected versions
< 1.1.12
>= 2.0.0, < 2.0.1
Patched versions
1.1.12
2.0.1
Description
Published by the National Vulnerability Database
Mar 30, 2022
Published to the GitHub Advisory Database
Mar 31, 2022
Reviewed
May 15, 2024
Last updated
May 15, 2024
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path.
References