CVE-2020-28949

Published: Nov 19, 2020

Modified: Oct 21, 2025

PUBLISHED

Description

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/pear/Archive_Tar/issues/33

x_refsource_MISC

https://www.drupal.org/sa-core-2020-013

x_refsource_CONFIRM

[debian-lts-announce] 20201127 [SECURITY] [DLA 2466-1] drupal7 security update

mailing-list

x_refsource_MLIST

FEDORA-2020-f351eb14e3

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-5271a896ff

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-6f1079934c

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-d50d74d6f2

vendor-advisory

x_refsource_FEDORA

DSA-4817

vendor-advisory

x_refsource_DEBIAN

http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html

x_refsource_MISC

GLSA-202101-23

vendor-advisory

x_refsource_GENTOO

FEDORA-2021-8093e197f4

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-0c013f520c

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-28949

Description

Affected Products

References