6 matches found
BIT-DRUPAL-2020-28949
ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...
SUSE CVE-2020-28949
ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...
Multiple vulnerabilities through filename manipulation in Archive_Tar
ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed. See: https://github.com/pear/ArchiveTar/issues/33...
UBUNTU-CVE-2020-28949
ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...
CVE-2020-28949
ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...
CVE-2020-28949
ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed. Recent assessments: gwillcox-r7 at January 15, 2021 8:42pm UTC reported: Original advisory and PoC can be found at...