CVE-2020-28949

Published November 19th, 2020

View on NVD ↗

CVSS v3

7.8

HIGH

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.

pear/Archive_Tar

GitHub