PEAR Archive_Tar PHP Object Injection

Summary

PEAR Archive_Tar is a utility class used in PHP to create, extract, and add tar files.

PEAR Archive_Tar versions prior to 1.4.4 suffers from a php object injection vulnerability.

Solution

At present, the vendor has released the patches to repair loopholes, patch for a link: https://pear.php.net/package/Archive_Tar/download/