API Security Blog

(RHSA-2022:6542) Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked (CVE-2020-28948)

* Archive_Tar: improper filename sanitization leads to file overwrites (CVE-2020-28949)

* Archive_Tar: directory traversal due to inadequate checking of symbolic links (CVE-2020-36193)
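The PHP sketch below is an added example, not Archive_Tar's code or its patch: it puts a case-sensitive `phar:` check of the kind the first item describes beside a stricter validator for entry names and symlink targets. All function names and sample entries are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not Archive_Tar's code; all function names are hypothetical.
// Weak form: a case-sensitive check for one spelling of one scheme.
function weak_is_blocked(string $name): bool
{
    return strpos($name, 'phar:') === 0;   // "PHAR:" passes straight through
}

// Hardened form: refuse any "scheme:" prefix in any case, absolute paths,
// NUL bytes and ".." segments, instead of listing known-bad spellings.
function entry_name_is_safe(string $name): bool
{
    if ($name === '' || $name[0] === '/' || strpos($name, "\0") !== false
        || preg_match('/^[a-z][a-z0-9+.\-]*:/i', $name) === 1) {
        return false;
    }
    return !in_array('..', explode('/', str_replace('\\', '/', $name)), true);
}

// Symlink entries: resolve the target against the link's own directory and
// refuse it if it is absolute, carries a scheme, or climbs above the root.
function symlink_target_is_safe(string $linkName, string $target): bool
{
    if (!entry_name_is_safe($linkName) || $target === '' || $target[0] === '/'
        || preg_match('/^[a-z][a-z0-9+.\-]*:/i', $target) === 1) {
        return false;
    }
    $stack = explode('/', $linkName);
    array_pop($stack);                      // keep only the link's directory
    foreach (explode('/', str_replace('\\', '/', $target)) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment !== '..') {
            $stack[] = $segment;
        } elseif (array_pop($stack) === null) {
            return false;                   // ".." stepped out of the root
        }
    }
    return true;
}

// Constructed sample entry names and link targets.
foreach (['docs/readme.txt', 'phar://a.tar', 'PHAR://a.tar', '../up.txt'] as $n) {
    printf("%-16s weak_blocked=%d safe=%d\n", $n, weak_is_blocked($n), entry_name_is_safe($n));
}
printf("pkg/link -> ../lib/x   ok=%d\n", symlink_target_is_safe('pkg/link', '../lib/x'));
printf("pkg/link -> ../../out  ok=%d\n", symlink_target_is_safe('pkg/link', '../../out'));
```

These are name checks only; an extractor also has to avoid writing later entries through a symlink it created earlier in the same archive.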

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
