{"id":"CVE-2021-32610","details":"In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.","aliases":["DRUPAL-CORE-2021-004","GHSA-p8q8-jfcv-g2h2"],"modified":"2026-03-20T11:41:16.867587Z","published":"2021-07-30T14:15:16.940Z","related":["ALSA-2022:7628","MGASA-2021-0393","SUSE-SU-2022:3198-1","SUSE-SU-2022:3198-2","openSUSE-SU-2024:11168-1","openSUSE-SU-2024:11170-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G5LTY6COQYNMMHQJ3QIOJHEWCKD4XDFH/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAODVMHGL5MHQWQAQTXQ7G7OE3VQZ7LS/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/"},{"type":"ADVISORY","url":"https://github.com/pear/Archive_Tar/releases/tag/1.4.14"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00023.html"},{"type":"ADVISORY","url":"https://www.drupal.org/sa-core-2021-004"},{"type":"FIX","url":"https://github.com/pear/Archive_Tar/commit/7789ebb2f34f9e4adb3a4152ad0d1548930a9755"},{"type":"FIX","url":"https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pear/archive_tar","events":[{"introduced":"0"},{"fixed":"4d761c5334c790e45ef3245f0864b8955c562caa"},{"fixed":"7789ebb2f34f9e4adb3a4152ad0d1548930a9755"},{"fixed":"b5832439b1f37331fb4f87e67fe4f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.4.14"}]}}],"versions":["1.3.11","1.3.12","1.3.13","1.3.14","1.3.15","1.3.16","1.4.0","1.4.1","1.4.10","1.4.11","1.4.12","1.4.13","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.4.8","1.4.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32610.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}