Back to search
CVE-2020-28948
Published: Nov 19, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/pear/Archive_Tar/issues/33
x_refsource_MISC
https://www.drupal.org/sa-core-2020-013
x_refsource_CONFIRM
[debian-lts-announce] 20201127 [SECURITY] [DLA 2466-1] drupal7 security update
mailing-list
x_refsource_MLIST
FEDORA-2020-f351eb14e3
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-5271a896ff
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-6f1079934c
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-d50d74d6f2
vendor-advisory
x_refsource_FEDORA
DSA-4817
vendor-advisory
x_refsource_DEBIAN
GLSA-202101-23
vendor-advisory
x_refsource_GENTOO
FEDORA-2021-8093e197f4
vendor-advisory
x_refsource_FEDORA
FEDORA-2021-0c013f520c
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now