Lucene search
F5F5:K58581302HistoryDec 03, 2020 - 12:00 a.m.
K58581302 : Archive_Tar vulnerabilities CVE-2020-28948 and CVE-2020-28949
2020-12-0300:00:00
my.f5.com
15
Security Advisory Description
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
Impact
There is no impact; F5 products are not affected by this vulnerability.
Related
nessus
nessus
Fedora 32 : 1:php-pear (2020-5271a896ff)
2020-12-02 00:00:00
EulerOS 2.0 SP8 : php-pear (EulerOS-SA-2021-1164)
2021-02-01 00:00:00
Debian DLA-2466-1 : drupal7 security update
2020-11-30 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: php-pear-1.10.12-4.fc33
2020-12-02 10:40:12
[SECURITY] Fedora 32 Update: php-pear-1.10.12-4.fc32
2020-12-02 10:40:00
[SECURITY] Fedora 34 Update: drupal7-7.82-1.fc34
2021-09-19 04:48:53
amazon
amazon
Medium: php-pear
2021-01-05 23:34:00
Medium: php7-pear
2021-01-12 22:51:00
ubuntucve
ubuntucve
debian
debian
[SECURITY] [DSA 4817-1] php-pear security update
2020-12-19 09:59:46
[SECURITY] [DSA 4817-1] php-pear security update
2020-12-19 09:59:46
[SECURITY] [DLA 2465-1] php-pear security update
2020-11-23 11:15:52
osv
osv
php-pear - security update
2020-12-19 00:00:00
Drupal core Arbitrary PHP code execution
2024-05-15 20:50:24
drupal7 - security update
2020-11-26 00:00:00
openvas
openvas
Drupal 7.x, 8.x, 9.x RCE Vulnerability (SA-CORE-2020-013) - Linux
2020-11-30 00:00:00
Mageia: Security Advisory (MGASA-2020-0453)
2022-01-28 00:00:00
Debian: Security Advisory (DLA-2465-1)
2020-11-24 00:00:00
github
github
Drupal core Arbitrary PHP code execution
2024-05-15 20:50:24
Drupal core Arbitrary PHP code execution
2024-05-15 21:02:35
Multiple vulnerabilities through filename manipulation in Archive_Tar
2021-04-22 16:20:59
drupal
drupal
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013
2020-11-25 00:00:00
attackerkb
attackerkb
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Php Archive Tar
2020-11-27 11:21:46
Exploit for Deserialization of Untrusted Data in Php Archive Tar
2021-05-24 15:36:16
mageia
mageia
Updated php-pear packages fix security vulnerabilities
2020-12-08 13:40:32
ubuntu
ubuntu
PEAR vulnerabilities
2020-12-01 00:00:00
redhat
redhat
(RHSA-2022:6541) Moderate: php:7.4 security update
2022-09-15 08:06:49
(RHSA-2022:7340) Moderate: php-pear security update
2022-11-02 16:04:25
(RHSA-2022:6542) Moderate: php:7.4 security update
2022-09-15 08:06:55
oraclelinux
oraclelinux
php:7.4 security update
2022-09-16 00:00:00
php-pear security update
2022-11-03 00:00:00
almalinux
almalinux
Moderate: php:7.4 security update
2022-09-15 00:00:00
rocky
rocky
php:7.4 security update
2022-09-15 08:06:55
gentoo
gentoo
PEAR Archive_Tar: Directory traversal
2021-01-26 00:00:00
veracode
veracode
PHAR Unserialization
2020-11-20 03:05:45
Remote Code Execution
2020-11-20 12:01:46
prion
prion
Code injection
2020-11-19 19:15:00
Code injection
2020-11-19 19:15:00
Directory traversal
2021-01-18 20:15:00
redhatcve
redhatcve
CVE-2020-28949
2020-12-23 13:31:50
CVE-2020-28948
2020-12-03 11:12:53
debiancve
debiancve
alpinelinux
alpinelinux
cvelist
cvelist
nvd
nvd
packetstorm
packetstorm
PEAR Archive_Tar Arbitrary File Write
2021-01-25 00:00:00
cisa_kev
cisa_kev
PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability
2022-08-25 00:00:00
friendsofphp
friendsofphp
Potential file overwrite if archive filename starts with file://
2020-11-20 00:00:00
cve
cve
checkpoint_advisories
checkpoint_advisories
PEAR Archive Tar Insecure Deserialization Code Execution (CVE-2020-28948)
2022-10-18 00:00:00
archlinux
archlinux
[ASA-202102-7] nextcloud: directory traversal
2021-02-06 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-01-29 21:09:49
thn
thn
CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog
2022-08-29 04:23:00