PEAR Archive_Tar CVE-2018-1000888 PHP Object Injection Vulnerability

Bugtraq ID:	106664
Class:	Input Validation Error
CVE:	CVE-2018-1000888
Remote:	Yes
Local:	No
Published:	Dec 28 2018 12:00AM
Updated:	Dec 28 2018 12:00AM
Credit:	Sam Thomas from Secarma.
Vulnerable:	PEAR Archive_Tar 1.4.3 PEAR Archive_Tar 1.4.2 PEAR Archive_Tar 1.4.1 PEAR Archive_Tar 1.3.13 Drupal Drupal 8.6.5 Drupal Drupal 8.6.4 Drupal Drupal 8.6.3 Drupal Drupal 8.6.2 Drupal Drupal 8.6.1 Drupal Drupal 8.5.8 Drupal Drupal 8.5.7 Drupal Drupal 8.5.6 Drupal Drupal 8.5.3 Drupal Drupal 8.5.2 Drupal Drupal 8.5.1 Drupal Drupal 8.5 Drupal Drupal 7.9 Drupal Drupal 7.8 Drupal Drupal 7.6 Drupal Drupal 7.59 Drupal Drupal 7.58 Drupal Drupal 7.57 Drupal Drupal 7.56 Drupal Drupal 7.55 Drupal Drupal 7.54 Drupal Drupal 7.52 Drupal Drupal 7.5 Drupal Drupal 7.44 Drupal Drupal 7.43 Drupal Drupal 7.42 Drupal Drupal 7.41 Drupal Drupal 7.40 Drupal Drupal 7.4 Drupal Drupal 7.39 Drupal Drupal 7.38 Drupal Drupal 7.37 Drupal Drupal 7.36 Drupal Drupal 7.35 Drupal Drupal 7.34 Drupal Drupal 7.33 Drupal Drupal 7.32 Drupal Drupal 7.31 Drupal Drupal 7.30 Drupal Drupal 7.3 Drupal Drupal 7.29 Drupal Drupal 7.28 Drupal Drupal 7.27 Drupal Drupal 7.26 Drupal Drupal 7.25 Drupal Drupal 7.24 Drupal Drupal 7.23 Drupal Drupal 7.22 Drupal Drupal 7.21 Drupal Drupal 7.20 Drupal Drupal 7.2 Drupal Drupal 7.19 Drupal Drupal 7.18 Drupal Drupal 7.17 Drupal Drupal 7.16 Drupal Drupal 7.15 Drupal Drupal 7.14 Drupal Drupal 7.13 Drupal Drupal 7.12 Drupal Drupal 7.11 Drupal Drupal 7.10
Not Vulnerable:	PEAR Archive_Tar 1.4.4 Drupal Drupal 8.6.6 Drupal Drupal 8.5.9 Drupal Drupal 7.62

PEAR Archive_Tar CVE-2018-1000888 PHP Object Injection Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.