Vulnerabilities > CVE-2020-28948 - Deserialization of Untrusted Data vulnerability in multiple products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

NVD

Published: 2020-11-19

Updated: 2023-11-07

Summary

Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.

Vulnerable Configurations

Part	Description	Count
Application	Php PHP Archive TAR 1.3.11 PHP Archive TAR 1.3.12 PHP Archive TAR 1.3.13 PHP Archive TAR 1.3.14 PHP Archive TAR 1.3.15 PHP Archive TAR 1.3.16 PHP Archive TAR 1.4.0 PHP Archive TAR 1.4.1 PHP Archive TAR 1.4.2 PHP Archive TAR 1.4.3 PHP Archive TAR 1.4.4 PHP Archive TAR 1.4.5 PHP Archive TAR 1.4.6 PHP Archive TAR 1.4.7 PHP Archive TAR 1.4.8 PHP Archive TAR 1.4.9 PHP Archive TAR 1.4.10 PHP Archive TAR 1.4.11	18
Application	Drupal Drupal Drupal 7.0 Drupal Drupal 7.1 Drupal Drupal 7.2 Drupal Drupal 7.3 Drupal Drupal 7.4 Drupal Drupal 7.5 Drupal Drupal 7.6 Drupal Drupal 7.7 Drupal Drupal 7.8 Drupal Drupal 7.9 Drupal Drupal 7.10 Drupal Drupal 7.11 Drupal Drupal 7.12 Drupal Drupal 7.13 Drupal Drupal 7.14 Drupal Drupal 7.15 Drupal Drupal 7.16 Drupal Drupal 7.17 Drupal Drupal 7.18 Drupal Drupal 7.19 Drupal Drupal 7.20 Drupal Drupal 7.21 Drupal Drupal 7.22 Drupal Drupal 7.23 Drupal Drupal 7.24 Drupal Drupal 7.25 Drupal Drupal 7.26 Drupal Drupal 7.27 Drupal Drupal 7.28 Drupal Drupal 7.29 Drupal Drupal 7.30 Drupal Drupal 7.31 Drupal Drupal 7.32 Drupal Drupal 7.33 Drupal Drupal 7.34 Drupal Drupal 7.35 Drupal Drupal 7.36 Drupal Drupal 7.37 Drupal Drupal 7.38 Drupal Drupal 7.39 Drupal Drupal 7.40 Drupal Drupal 7.41 Drupal Drupal 7.42 Drupal Drupal 7.43 Drupal Drupal 7.44 Drupal Drupal 7.50 Drupal Drupal 7.51 Drupal Drupal 7.52 Drupal Drupal 7.53 Drupal Drupal 7.54 Drupal Drupal 7.55 Drupal Drupal 7.56 Drupal Drupal 7.57 Drupal Drupal 7.58 Drupal Drupal 7.59 Drupal Drupal 7.60 Drupal Drupal 7.61 Drupal Drupal 7.62 Drupal Drupal 7.63 Drupal Drupal 7.64 Drupal Drupal 7.65 Drupal Drupal 7.66 Drupal Drupal 7.67 Drupal Drupal 7.68 Drupal Drupal 7.69 Drupal Drupal 7.70 Drupal Drupal 7.71 Drupal Drupal 7.72 Drupal Drupal 7.73 Drupal Drupal 7.74 Drupal Drupal 8.8.0 Drupal Drupal 8.8.1 Drupal Drupal 8.8.2 Drupal Drupal 8.8.3 Drupal Drupal 8.8.4 Drupal Drupal 8.8.5 Drupal Drupal 8.8.6 Drupal Drupal 8.8.7 Drupal Drupal 8.8.8 Drupal Drupal 8.8.9 Drupal Drupal 8.8.10 Drupal Drupal 8.8.11 Drupal Drupal 8.0.0 Drupal Drupal 8.0.1 Drupal Drupal 8.0.2 Drupal Drupal 8.0.3 Drupal Drupal 8.0.4 Drupal Drupal 8.0.5 Drupal Drupal 8.0.6 Drupal Drupal 8.1.0 Drupal Drupal 8.1.1 Drupal Drupal 8.1.2 Drupal Drupal 8.1.3 Drupal Drupal 8.1.4 Drupal Drupal 8.1.5 Drupal Drupal 8.1.6 Drupal Drupal 8.1.7 Drupal Drupal 8.1.8 Drupal Drupal 8.1.9 Drupal Drupal 8.1.10 Drupal Drupal 8.2.0 Drupal Drupal 8.2.1 Drupal Drupal 8.2.2 Drupal Drupal 8.2.3 Drupal Drupal 8.2.4 Drupal Drupal 8.2.5 Drupal Drupal 8.2.6 Drupal Drupal 8.2.7 Drupal Drupal 8.2.8 Drupal Drupal 8.3.0 Drupal Drupal 8.3.1 Drupal Drupal 8.3.2 Drupal Drupal 8.3.3 Drupal Drupal 8.3.4 Drupal Drupal 8.3.5 Drupal Drupal 8.3.6 Drupal Drupal 8.3.7 Drupal Drupal 8.3.8 Drupal Drupal 8.3.9 Drupal Drupal 8.4.0 Drupal Drupal 8.4.1 Drupal Drupal 8.4.2 Drupal Drupal 8.4.3 Drupal Drupal 8.4.4 Drupal Drupal 8.4.5 Drupal Drupal 8.4.6 Drupal Drupal 8.4.7 Drupal Drupal 8.4.8 Drupal Drupal 8.5.0 Drupal Drupal 8.5.1 Drupal Drupal 8.5.2 Drupal Drupal 8.5.3 Drupal Drupal 8.5.4 Drupal Drupal 8.5.5 Drupal Drupal 8.5.6 Drupal Drupal 8.5.7 Drupal Drupal 8.5.8 Drupal Drupal 8.5.9 Drupal Drupal 8.5.10 Drupal Drupal 8.5.11 Drupal Drupal 8.5.12 Drupal Drupal 8.5.13 Drupal Drupal 8.5.14 Drupal Drupal 8.5.15 Drupal Drupal 8.6.0 Drupal Drupal 8.6.1 Drupal Drupal 8.6.2 Drupal Drupal 8.6.3 Drupal Drupal 8.6.4 Drupal Drupal 8.6.5 Drupal Drupal 8.6.6 Drupal Drupal 8.6.7 Drupal Drupal 8.6.8 Drupal Drupal 8.6.9 Drupal Drupal 8.6.10 Drupal Drupal 8.6.11 Drupal Drupal 8.6.12 Drupal Drupal 8.6.13 Drupal Drupal 8.6.14 Drupal Drupal 8.6.15 Drupal Drupal 8.6.16 Drupal Drupal 8.6.17 Drupal Drupal 8.6.18 Drupal Drupal 8.7.0 Drupal Drupal 8.7.1 Drupal Drupal 8.7.2 Drupal Drupal 8.7.3 Drupal Drupal 8.7.4 Drupal Drupal 8.7.5 Drupal Drupal 8.7.6 Drupal Drupal 8.7.7 Drupal Drupal 8.7.8 Drupal Drupal 8.7.9 Drupal Drupal 8.7.10 Drupal Drupal 8.7.11 Drupal Drupal 8.7.12 Drupal Drupal 8.7.13 Drupal Drupal 8.7.14 Drupal Drupal 8.8.12 Drupal Drupal 8.9.0 Drupal Drupal 8.9.1 Drupal Drupal 8.9.2 Drupal Drupal 8.9.3 Drupal Drupal 8.9.4 Drupal Drupal 8.9.5 Drupal Drupal 8.9.6 Drupal Drupal 8.9.7 Drupal Drupal 8.9.8 Drupal Drupal 8.9.9 Drupal Drupal 9.0.0 Drupal Drupal 9.0.1 Drupal Drupal 9.0.2 Drupal Drupal 9.0.3 Drupal Drupal 9.0.4 Drupal Drupal 9.0.5 Drupal Drupal 9.0.6 Drupal Drupal 9.0.7 Drupal Drupal 9.0.8	286
OS	Debian Debian Debian Linux 9.0 Debian Debian Linux 10.0	2
OS	Fedoraproject Fedoraproject Fedora 32 Fedoraproject Fedora 33 Fedoraproject Fedora 34 Fedoraproject Fedora 35	4

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Vulnerabilities > CVE-2020-28948 - Deserialization of Untrusted Data vulnerability in multiple products

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Related news

References