CVE-2020-28949CISA KEV: Actively Exploited

PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability

Published Aug 25, 2022·Updated Aug 25, 2022

Description

PEAR Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free