PEAR Archive_Tar PHP Object Injection
- Date Published:2019-01-11
- Last Updated:2019-01-11
- Version Affected: PEAR Archive_Tar
- CVE: CVE-2018-1000888
PEAR Archive_Tar is a utility class used in PHP to create, extract, and add tar files.
PEAR Archive_Tar versions prior to 1.4.4 suffers from a php object injection vulnerability.
At present, the vendor has released the patches to repair loopholes, patch for a link: https://pear.php.net/package/Archive_Tar/download/