Vulnerability feed

Vulnerability

CVE-2020-28949

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2020-28949
Description:: Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
Last updated date:: 01/06/2022

Reports

alt

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 08/25/2022
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/26/2020
Reference url to background: https://github.com/pear/Archive_Tar/issues/33

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/02/2021
Reference url to background: http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/02/2021
Reference url to background: https://github.com/pear/Archive_Tar/issues/33

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/27/2021
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/fileformat/archive_tar_arb_file_write.rb

Vulnerability Feed Contributors About Blog

@inTheWild

©2023 |