Archive_Tar through 1.4.10 sanitizes `://` in filenames only to address phar attacks, so any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| pear/archive_tar (Packagist) | 0 | 1.4.11 | N/A |
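
The gap described above can be checked for before an archive reaches an affected version. This is an added example, not Archive_Tar's code or part of the advisory: a Python audit of tar member names that contrasts a phar-only check with one that rejects any `scheme://` prefix. The two filter functions, the sample archive and its member names are constructed for illustration.

```python
import io
import re
import tarfile

# Assumption: any leading "scheme://" is treated as a stream-wrapper reference.
WRAPPER_RE = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.IGNORECASE)

def phar_only_filter(name):
    """Simplified stand-in for a phar-only check (hypothetical). True = rejected."""
    return name.lower().startswith("phar://")

def any_wrapper_filter(name):
    """Stricter check: reject every member name that starts with a scheme://."""
    return WRAPPER_RE.match(name) is not None

def audit_archive(data):
    """List each member name with the verdict of both filters; extracts nothing."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:") as tar:
        for member in tar.getmembers():
            findings.append({
                "name": member.name,
                "phar_only_rejects": phar_only_filter(member.name),
                "any_wrapper_rejects": any_wrapper_filter(member.name),
            })
    return findings

def build_sample():
    """Constructed in-memory archive with one benign and two wrapper-style names."""
    names = ("docs/readme.txt", "phar://constructed.phar", "file:///tmp/constructed-target")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            payload = b"constructed\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()

def missed_by_phar_only(data):
    """Names the phar-only check lets through but the strict check rejects."""
    return [f["name"] for f in audit_archive(data)
            if f["any_wrapper_rejects"] and not f["phar_only_rejects"]]

if __name__ == "__main__":
    print(missed_by_phar_only(build_sample()))
```
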