Vulnerability CVE-2020-28949


Published: 2020-11-19

Description:
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.

See advisories in our WLB2 database:
Topic: PEAR Archive_Tar Arbitrary File Write [High]
Author: gwillcox-r7
Date: 31.01.2021

References:
https://github.com/pear/Archive_Tar/issues/33

Copyright 2024, cxsecurity.com

 
