PEAR Archive_Tar PHP Object Injection


PEAR Archive_Tar is a utility class used in PHP to create, extract, and add tar files.

PEAR Archive_Tar versions prior to 1.4.4 suffers from a php object injection vulnerability.


At present, the vendor has released the patches to repair loopholes, patch for a link: