Innovate faster and cut risk with PHP experts from Zend Services.
Beginning to advanced PHP classes to learn and earn global certification.
Help me choose >
Submit support requests and browse self-service resources.
files added to tar with Phar::buildFromIterator have all-access permissions
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15, and 7.4.x below 7.4.3, when creating PHAR archive using the PharData::buildFromIterator() method, files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when the archive is extracted.
Upgrade to PHP 7.2.28 or above, 7.3.15 or above, or 7.4.3 or above.
Direct link to CVE-2020-7063 >
< View all CVEs