In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
Published July 30, 2021.
PHP Archive Tar
Debian Debian Linux
Fedoraproject Fedora