CVE-2020-28948
Description
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
76.218
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| PHP Extension and Application Repository (USN-4654-1) php-pear_1.10.1+submodules+notgz-6ubuntu0.2_all.deb | Linux |
| PHP Extension and Application Repository (USN-4654-1) php-pear_1.10.5+submodules+notgz-1ubuntu1.18.04.2_all.deb | Linux |
| PHP Extension and Application Repository (USN-4654-1) php-pear_1.10.9+submodules+notgz-1ubuntu0.20.04.1_all.deb | Linux |
| PHP Extension and Application Repository (USN-4654-1) php-pear_1.10.9+submodules+notgz-1ubuntu0.20.10.1_all.deb | Linux |
| php-pear security update(DSA-4817-1) php-pear_1.10.6+submodules+notgz-1.1+deb10u1_all.deb | Linux |
| (RHSA-2022:6542) php:7.4 security update php-pear-1.10.13-1.module+el8.6.0+16577+0788886f.noarch.rpm | Linux |
| Apcu-panel update (ELSA-2022-6542) apcu-panel-5.1.18-1.module+el8.3.0+7685+72d70b58.noarch.rpm | Linux |
| Libzip update (ELSA-2022-6542) libzip-1.6.1-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux |
| Libzip-devel update (ELSA-2022-6542) libzip-devel-1.6.1-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux |
| Libzip-tools update (ELSA-2022-6542) libzip-tools-1.6.1-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux |
| Php update (ELSA-2022-6542) php-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-bcmath update (ELSA-2022-6542) php-bcmath-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-cli update (ELSA-2022-6542) php-cli-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-common update (ELSA-2022-6542) php-common-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-dba update (ELSA-2022-6542) php-dba-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-dbg update (ELSA-2022-6542) php-dbg-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-devel update (ELSA-2022-6542) php-devel-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-embedded update (ELSA-2022-6542) php-embedded-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-enchant update (ELSA-2022-6542) php-enchant-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-ffi update (ELSA-2022-6542) php-ffi-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-fpm update (ELSA-2022-6542) php-fpm-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-gd update (ELSA-2022-6542) php-gd-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-gmp update (ELSA-2022-6542) php-gmp-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-intl update (ELSA-2022-6542) php-intl-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-json update (ELSA-2022-6542) php-json-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-ldap update (ELSA-2022-6542) php-ldap-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-mbstring update (ELSA-2022-6542) php-mbstring-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-mysqlnd update (ELSA-2022-6542) php-mysqlnd-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-odbc update (ELSA-2022-6542) php-odbc-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-opcache update (ELSA-2022-6542) php-opcache-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-pdo update (ELSA-2022-6542) php-pdo-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-pear update (ELSA-2022-6542) php-pear-1.10.13-1.module+el8.6.0+20746+7a133c42.noarch.rpm | Linux |
| Php-pecl-apcu update (ELSA-2022-6542) php-pecl-apcu-5.1.18-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux |
| Php-pecl-apcu-devel update (ELSA-2022-6542) php-pecl-apcu-devel-5.1.18-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux |
| Php-pecl-rrd update (ELSA-2022-6542) php-pecl-rrd-2.0.1-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux |
| Php-pecl-xdebug update (ELSA-2022-6542) php-pecl-xdebug-2.9.5-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux |
| Php-pecl-zip update (ELSA-2022-6542) php-pecl-zip-1.18.2-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux |
| Php-pgsql update (ELSA-2022-6542) php-pgsql-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-process update (ELSA-2022-6542) php-process-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-snmp update (ELSA-2022-6542) php-snmp-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-soap update (ELSA-2022-6542) php-soap-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-xml update (ELSA-2022-6542) php-xml-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-xmlrpc update (ELSA-2022-6542) php-xmlrpc-7.4.19-4.module+el8.6.0+20746+7a133c42.x86_64.rpm | Linux |
| Php-pear update (ELSA-2022-7340) php-pear-1.9.4-23.el7_9.noarch.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234