Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
Moderate

CVE-2020-28948

Disclosure Date: November 19, 2020 (last updated November 08, 2023)
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
3
1
Attacker Value
High

CVE-2020-28949

Disclosure Date: November 19, 2020 (last updated November 08, 2023)
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
1
1
Attacker Value
Unknown

CVE-2020-36193

Disclosure Date: January 18, 2021 (last updated November 08, 2023)
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0