Vulnerability-Lookup

CVE-2020-28949 (GCVE-0-2020-28949)

Vulnerability from cvelistv5 – Published: 2020-11-19 18:14 – Updated: 2025-10-21 23:35

CISA KEV

Summary

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

12 references

URL	Tags
https://github.com/pear/Archive_Tar/issues/33	x_refsource_MISC
https://www.drupal.org/sa-core-2020-013	x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://www.debian.org/security/2020/dsa-4817	vendor-advisoryx_refsource_DEBIAN
http://packetstormsecurity.com/files/161095/PEAR-…	x_refsource_MISC
https://security.gentoo.org/glsa/202101-23	vendor-advisoryx_refsource_GENTOO
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: d8a07688-1026-444f-83e2-b477fde64db6

Vulnerability ID: CVE-2020-28949

Status: Confirmed

Status Updated: 2022-08-25 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2022-08-25

Asserted: 2022-08-25

Scope

Notes: KEV entry: PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability | Affected: PEAR / Archive_Tar | Description: PEAR Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://pear.php.net/bugs/bug.php?id=27002, https://www.drupal.org/sa-core-2020-013, https://access.redhat.com/security/cve/cve-2020-28949; https://nvd.nist.gov/vuln/detail/CVE-2020-28949

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-74
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Archive_Tar
Due Date	2022-09-15
Date Added	2022-08-25
Vendorproject	PEAR
Vulnerabilityname	PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2020-28949

Created: 2026-02-02 13:25 UTC | Updated: 2026-02-06 07:53 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:48:00.983Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/pear/Archive_Tar/issues/33"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/sa-core-2020-013"
          },
          {
            "name": "[debian-lts-announce] 20201127 [SECURITY] [DLA 2466-1] drupal7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html"
          },
          {
            "name": "FEDORA-2020-f351eb14e3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/"
          },
          {
            "name": "FEDORA-2020-5271a896ff",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/"
          },
          {
            "name": "FEDORA-2020-6f1079934c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/"
          },
          {
            "name": "FEDORA-2020-d50d74d6f2",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/"
          },
          {
            "name": "DSA-4817",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4817"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html"
          },
          {
            "name": "GLSA-202101-23",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-23"
          },
          {
            "name": "FEDORA-2021-8093e197f4",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/"
          },
          {
            "name": "FEDORA-2021-0c013f520c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-28949",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T13:49:30.732204Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-08-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-28949"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:35:32.687Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-28949"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-08-25T00:00:00.000Z",
            "value": "CVE-2020-28949 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-25T00:06:16.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pear/Archive_Tar/issues/33"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.drupal.org/sa-core-2020-013"
        },
        {
          "name": "[debian-lts-announce] 20201127 [SECURITY] [DLA 2466-1] drupal7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html"
        },
        {
          "name": "FEDORA-2020-f351eb14e3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/"
        },
        {
          "name": "FEDORA-2020-5271a896ff",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/"
        },
        {
          "name": "FEDORA-2020-6f1079934c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/"
        },
        {
          "name": "FEDORA-2020-d50d74d6f2",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/"
        },
        {
          "name": "DSA-4817",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4817"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html"
        },
        {
          "name": "GLSA-202101-23",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-23"
        },
        {
          "name": "FEDORA-2021-8093e197f4",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/"
        },
        {
          "name": "FEDORA-2021-0c013f520c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28949",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/pear/Archive_Tar/issues/33",
              "refsource": "MISC",
              "url": "https://github.com/pear/Archive_Tar/issues/33"
            },
            {
              "name": "https://www.drupal.org/sa-core-2020-013",
              "refsource": "CONFIRM",
              "url": "https://www.drupal.org/sa-core-2020-013"
            },
            {
              "name": "[debian-lts-announce] 20201127 [SECURITY] [DLA 2466-1] drupal7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html"
            },
            {
              "name": "FEDORA-2020-f351eb14e3",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/"
            },
            {
              "name": "FEDORA-2020-5271a896ff",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/"
            },
            {
              "name": "FEDORA-2020-6f1079934c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/"
            },
            {
              "name": "FEDORA-2020-d50d74d6f2",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/"
            },
            {
              "name": "DSA-4817",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4817"
            },
            {
              "name": "http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html"
            },
            {
              "name": "GLSA-202101-23",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-23"
            },
            {
              "name": "FEDORA-2021-8093e197f4",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/"
            },
            {
              "name": "FEDORA-2021-0c013f520c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-28949",
    "datePublished": "2020-11-19T18:14:18.000Z",
    "dateReserved": "2020-11-19T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:35:32.687Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2020-28949",
      "cwes": "[\"CWE-74\"]",
      "dateAdded": "2022-08-25",
      "dueDate": "2022-09-15",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://pear.php.net/bugs/bug.php?id=27002, https://www.drupal.org/sa-core-2020-013, https://access.redhat.com/security/cve/cve-2020-28949; https://nvd.nist.gov/vuln/detail/CVE-2020-28949",
      "product": "Archive_Tar",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "PEAR Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux.",
      "vendorProject": "PEAR",
      "vulnerabilityName": "PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability"
    },
    "epss": {
      "cve": "CVE-2020-28949",
      "date": "2026-05-31",
      "epss": "0.93364",
      "percentile": "0.99821"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-28949\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-11-19T19:15:11.937\",\"lastModified\":\"2025-11-07T22:03:27.543\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.\"},{\"lang\":\"es\",\"value\":\"Archive_Tar versiones hasta 1.4.10, presenta una desinfecci\u00f3n del nombre de archivo :// solo para abordar los ataques phar y, por lo tanto, cualquier otro ataque de empaquetado de flujo (tal y como file:// para sobrescribir archivos) a\u00fan puede tener \u00e9xito\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"cisaExploitAdd\":\"2022-08-25\",\"cisaActionDue\":\"2022-09-15\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:archive_tar:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.4.12\",\"matchCriteriaId\":\"0EA0459A-BD5C-42AE-B0D7-7B35E15E2D1A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndExcluding\":\"7.75\",\"matchCriteriaId\":\"61E72B09-C9D7-4AB1-BA89-3CB06FAAE46F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.9.10\",\"matchCriteriaId\":\"01A74904-1082-4C42-B037-2785756DA70B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.8.0\",\"versionEndExcluding\":\"8.8.12\",\"matchCriteriaId\":\"551C8FEA-7B6E-4FC8-804E-70A5A4922CD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.9\",\"matchCriteriaId\":\"38992B05-6DF5-4751-A57B-8A43DD3E6680\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/pear/Archive_Tar/issues/33\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202101-23\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4817\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.drupal.org/sa-core-2020-013\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/pear/Archive_Tar/issues/33\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202101-23\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4817\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.drupal.org/sa-core-2020-013\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-28949\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/pear/Archive_Tar/issues/33\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.drupal.org/sa-core-2020-013\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html\", \"name\": \"[debian-lts-announce] 20201127 [SECURITY] [DLA 2466-1] drupal7 security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/\", \"name\": \"FEDORA-2020-f351eb14e3\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/\", \"name\": \"FEDORA-2020-5271a896ff\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/\", \"name\": \"FEDORA-2020-6f1079934c\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/\", \"name\": \"FEDORA-2020-d50d74d6f2\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4817\", \"name\": \"DSA-4817\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202101-23\", \"name\": \"GLSA-202101-23\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/\", \"name\": \"FEDORA-2021-8093e197f4\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/\", \"name\": \"FEDORA-2021-0c013f520c\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T16:48:00.983Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-28949\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-07T13:49:30.732204Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-08-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-28949\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-08-25T00:00:00.000Z\", \"value\": \"CVE-2020-28949 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-28949\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-07T13:49:22.533Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/pear/Archive_Tar/issues/33\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.drupal.org/sa-core-2020-013\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html\", \"name\": \"[debian-lts-announce] 20201127 [SECURITY] [DLA 2466-1] drupal7 security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/\", \"name\": \"FEDORA-2020-f351eb14e3\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/\", \"name\": \"FEDORA-2020-5271a896ff\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/\", \"name\": \"FEDORA-2020-6f1079934c\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/\", \"name\": \"FEDORA-2020-d50d74d6f2\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4817\", \"name\": \"DSA-4817\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://security.gentoo.org/glsa/202101-23\", \"name\": \"GLSA-202101-23\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/\", \"name\": \"FEDORA-2021-8093e197f4\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/\", \"name\": \"FEDORA-2021-0c013f520c\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2021-09-25T00:06:16.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://github.com/pear/Archive_Tar/issues/33\", \"name\": \"https://github.com/pear/Archive_Tar/issues/33\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.drupal.org/sa-core-2020-013\", \"name\": \"https://www.drupal.org/sa-core-2020-013\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html\", \"name\": \"[debian-lts-announce] 20201127 [SECURITY] [DLA 2466-1] drupal7 security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/\", \"name\": \"FEDORA-2020-f351eb14e3\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/\", \"name\": \"FEDORA-2020-5271a896ff\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/\", \"name\": \"FEDORA-2020-6f1079934c\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/\", \"name\": \"FEDORA-2020-d50d74d6f2\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://www.debian.org/security/2020/dsa-4817\", \"name\": \"DSA-4817\", \"refsource\": \"DEBIAN\"}, {\"url\": \"http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html\", \"name\": \"http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://security.gentoo.org/glsa/202101-23\", \"name\": \"GLSA-202101-23\", \"refsource\": \"GENTOO\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/\", \"name\": \"FEDORA-2021-8093e197f4\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/\", \"name\": \"FEDORA-2021-0c013f520c\", \"refsource\": \"FEDORA\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-28949\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-28949\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:35:32.687Z\", \"dateReserved\": \"2020-11-19T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2020-11-19T18:14:18.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

RHSA-2022:7340

Vulnerability from csaf_redhat - Published: 2022-11-02 16:38 - Updated: 2025-11-21 18:34

Summary

Red Hat Security Advisory: php-pear security update

Severity

Moderate

Notes

Topic: An update for php-pear is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: The php-pear package contains the PHP Extension and Application Repository (PEAR), a framework and distribution system for reusable PHP components. Security Fix(es): * Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked (CVE-2020-28948) * Archive_Tar: improper filename sanitization leads to file overwrites (CVE-2020-28949) * Archive_Tar: directory traversal due to inadequate checking of symbolic links (CVE-2020-36193) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2020-28948

Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.src	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.src	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-28949

A flaw was found in the Archive_Tar package. PEAR Archive_Tar could allow a local authenticated attacker to bypass security restrictions caused by a stream-wrapper attack. An attacker can overwrite arbitrary files on the system using a specially-crafted tar archive.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CWE-20 - Improper Input Validation

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.src	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.src	—	Vendor Fix fix

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Moderate

CVE-2020-36193

A flaw was found in the Archive_Tar package. Archive_Tar could allow a remote attacker to traverse directories on the system caused by inadequate checking of symbolic links. An attacker could send a specially-crafted URL request to the Tar.php script containing "dot dot" sequences (/../) to modify arbitrary files on the system.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.src	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.src	—	Vendor Fix fix

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Moderate

References

19 references

URL	Category
https://access.redhat.com/errata/RHSA-2022:7340	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1904001	external
https://bugzilla.redhat.com/show_bug.cgi?id=1910323	external
https://bugzilla.redhat.com/show_bug.cgi?id=1942961	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-28948	self
https://bugzilla.redhat.com/show_bug.cgi?id=1904001	external
https://www.cve.org/CVERecord?id=CVE-2020-28948	external
https://nvd.nist.gov/vuln/detail/CVE-2020-28948	external
https://access.redhat.com/security/cve/CVE-2020-28949	self
https://bugzilla.redhat.com/show_bug.cgi?id=1910323	external
https://www.cve.org/CVERecord?id=CVE-2020-28949	external
https://nvd.nist.gov/vuln/detail/CVE-2020-28949	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external
https://access.redhat.com/security/cve/CVE-2020-36193	self
https://bugzilla.redhat.com/show_bug.cgi?id=1942961	external
https://www.cve.org/CVERecord?id=CVE-2020-36193	external
https://nvd.nist.gov/vuln/detail/CVE-2020-36193	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for php-pear is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The php-pear package contains the PHP Extension and Application Repository (PEAR), a framework and distribution system for reusable PHP components.\n\nSecurity Fix(es):\n\n* Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked (CVE-2020-28948)\n\n* Archive_Tar: improper filename sanitization leads to file overwrites (CVE-2020-28949)\n\n* Archive_Tar: directory traversal due to inadequate checking of symbolic links (CVE-2020-36193)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:7340",
        "url": "https://access.redhat.com/errata/RHSA-2022:7340"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1904001",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904001"
      },
      {
        "category": "external",
        "summary": "1910323",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910323"
      },
      {
        "category": "external",
        "summary": "1942961",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942961"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7340.json"
      }
    ],
    "title": "Red Hat Security Advisory: php-pear security update",
    "tracking": {
      "current_release_date": "2025-11-21T18:34:25+00:00",
      "generator": {
        "date": "2025-11-21T18:34:25+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2022:7340",
      "initial_release_date": "2022-11-02T16:38:50+00:00",
      "revision_history": [
        {
          "date": "2022-11-02T16:38:50+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-11-02T16:38:50+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:34:25+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 7)",
                  "product_id": "7Server-7.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                  "product_id": "7Workstation-7.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "php-pear-1:1.9.4-23.el7_9.src",
                "product": {
                  "name": "php-pear-1:1.9.4-23.el7_9.src",
                  "product_id": "php-pear-1:1.9.4-23.el7_9.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-pear@1.9.4-23.el7_9?arch=src\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "php-pear-1:1.9.4-23.el7_9.noarch",
                "product": {
                  "name": "php-pear-1:1.9.4-23.el7_9.noarch",
                  "product_id": "php-pear-1:1.9.4-23.el7_9.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-pear@1.9.4-23.el7_9?arch=noarch\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-pear-1:1.9.4-23.el7_9.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch"
        },
        "product_reference": "php-pear-1:1.9.4-23.el7_9.noarch",
        "relates_to_product_reference": "7Server-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-pear-1:1.9.4-23.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.src"
        },
        "product_reference": "php-pear-1:1.9.4-23.el7_9.src",
        "relates_to_product_reference": "7Server-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-pear-1:1.9.4-23.el7_9.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch"
        },
        "product_reference": "php-pear-1:1.9.4-23.el7_9.noarch",
        "relates_to_product_reference": "7Workstation-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-pear-1:1.9.4-23.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.src"
        },
        "product_reference": "php-pear-1:1.9.4-23.el7_9.src",
        "relates_to_product_reference": "7Workstation-7.9.Z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-28948",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2020-12-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1904001"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "PHP 7.2 and 7.3 marked End of Life at the time this CVE was released. There would be no patches made available for php-pear.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch",
          "7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.src",
          "7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch",
          "7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-28948"
        },
        {
          "category": "external",
          "summary": "RHBZ#1904001",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904001"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28948",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28948"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28948",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28948"
        }
      ],
      "release_date": "2020-11-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-11-02T16:38:50+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted for the update to take effect.",
          "product_ids": [
            "7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch",
            "7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.src",
            "7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch",
            "7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:7340"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch",
            "7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.src",
            "7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch",
            "7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked"
    },
    {
      "cve": "CVE-2020-28949",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2020-12-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1910323"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Archive_Tar package. PEAR Archive_Tar could allow a local authenticated attacker to bypass security restrictions caused by a stream-wrapper attack. An attacker can overwrite arbitrary files on the system using a specially-crafted tar archive.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Archive_Tar: improper filename sanitization leads to file overwrites",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "PHP 7.2, 7.3 and 7.4 are all deprecated. There would be no patches made available for php-pear.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch",
          "7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.src",
          "7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch",
          "7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-28949"
        },
        {
          "category": "external",
          "summary": "RHBZ#1910323",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910323"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28949",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28949"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28949",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28949"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2020-11-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-11-02T16:38:50+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted for the update to take effect.",
          "product_ids": [
            "7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch",
            "7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.src",
            "7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch",
            "7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:7340"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch",
            "7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.src",
            "7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch",
            "7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-08-25T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Archive_Tar: improper filename sanitization leads to file overwrites"
    },
    {
      "cve": "CVE-2020-36193",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2021-01-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1942961"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Archive_Tar package. Archive_Tar could allow a remote attacker to traverse directories on the system caused by inadequate checking of symbolic links. An attacker could send a specially-crafted URL request to the Tar.php script containing \"dot dot\" sequences (/../) to modify arbitrary files on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Archive_Tar: directory traversal due to inadequate checking of symbolic links",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "php-pear 7.2 and 7.3 have been marked End of Life at the time this CVE was released. Therefore no patches would be made available for those versions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch",
          "7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.src",
          "7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch",
          "7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-36193"
        },
        {
          "category": "external",
          "summary": "RHBZ#1942961",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942961"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36193",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36193"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36193",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36193"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-01-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-11-02T16:38:50+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted for the update to take effect.",
          "product_ids": [
            "7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch",
            "7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.src",
            "7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch",
            "7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:7340"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch",
            "7Server-7.9.Z:php-pear-1:1.9.4-23.el7_9.src",
            "7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.noarch",
            "7Workstation-7.9.Z:php-pear-1:1.9.4-23.el7_9.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-08-25T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Archive_Tar: directory traversal due to inadequate checking of symbolic links"
    }
  ]
}

WID-SEC-W-2022-1443

Vulnerability from csaf_certbund - Published: 2020-11-25 23:00 - Updated: 2024-09-03 22:00

Summary

Drupal: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Drupal ist ein freies Content-Management-System, basierend auf der Scriptsprache PHP und einer SQL-Datenbank. Über zahlreiche Extensions kann der Funktionsumfang der Core-Installation individuell erweitert werden.

Angriff: Ein lokaler Angreifer kann eine Schwachstelle in Drupal ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen.

Betroffene Betriebssysteme: - Linux - MacOS X - Windows

CVE-2020-28948

In Drupal existieren mehrere Schwachstellen im Zusammenhang mit der PEAR Archive_Tar Bibliothek. Ein authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen PHP-Code zur Ausführung zu bringen.

Affected products

Known affected 9 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Open Source Drupal <9.0.9 Open Source / Drupal		<9.0.9
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source Drupal <8.9.10 Open Source / Drupal		<8.9.10
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Drupal <8.8.12 Open Source / Drupal		<8.8.12
Open Source Arch Linux Open Source	`cpe:/o:archlinux:archlinux:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Open Source Drupal <7.75 Open Source / Drupal		<7.75

CVE-2020-28949

Affected products

Known affected 9 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Open Source Drupal <9.0.9 Open Source / Drupal		<9.0.9
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source Drupal <8.9.10 Open Source / Drupal		<8.9.10
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Drupal <8.8.12 Open Source / Drupal		<8.8.12
Open Source Arch Linux Open Source	`cpe:/o:archlinux:archlinux:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Open Source Drupal <7.75 Open Source / Drupal		<7.75

References

11 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://lists.debian.org/debian-lts-announce/2021…	external
https://www.drupal.org/sa-core-2020-013	external
https://lists.debian.org/debian-lts-announce/2020…	external
https://www.debian.org/security/2020/dsa-4817	external
https://security.gentoo.org/glsa/202101-23	external
https://security.archlinux.org/ASA-202102-7	external
https://access.redhat.com/errata/RHSA-2022:6542	external
https://ubuntu.com/security/notices/USN-6981-1	external
https://ubuntu.com/security/notices/USN-6981-2	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Drupal ist ein freies Content-Management-System, basierend auf der Scriptsprache PHP und einer SQL-Datenbank. \u00dcber zahlreiche Extensions kann der Funktionsumfang der Core-Installation individuell erweitert werden.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in Drupal ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-1443 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-1443.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-1443 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1443"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2621 vom 2021-04-08",
        "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00007.html"
      },
      {
        "category": "external",
        "summary": "Drupal Security Advisory SA-CORE-2019-012 vom 2020-11-25",
        "url": "https://www.drupal.org/sa-core-2020-013"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2466 vom 2020-11-27",
        "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4817 vom 2020-12-19",
        "url": "https://www.debian.org/security/2020/dsa-4817"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202101-23 vom 2021-01-26",
        "url": "https://security.gentoo.org/glsa/202101-23"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202102-7 vom 2021-02-06",
        "url": "https://security.archlinux.org/ASA-202102-7"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6542 vom 2022-09-15",
        "url": "https://access.redhat.com/errata/RHSA-2022:6542"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6981-1 vom 2024-08-27",
        "url": "https://ubuntu.com/security/notices/USN-6981-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6981-2 vom 2024-09-03",
        "url": "https://ubuntu.com/security/notices/USN-6981-2"
      }
    ],
    "source_lang": "en-US",
    "title": "Drupal: Schwachstelle erm\u00f6glicht Ausf\u00fchren von beliebigem Programmcode mit den Rechten des Dienstes",
    "tracking": {
      "current_release_date": "2024-09-03T22:00:00.000+00:00",
      "generator": {
        "date": "2024-09-04T09:12:00.052+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.6"
        }
      },
      "id": "WID-SEC-W-2022-1443",
      "initial_release_date": "2020-11-25T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2020-11-25T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2020-11-29T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2020-12-07T23:00:00.000+00:00",
          "number": "3",
          "summary": "Referenz(en) aufgenommen: FEDORA-2020-D50D74D6F2, FEDORA-2020-6F1079934C"
        },
        {
          "date": "2020-12-20T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-01-25T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2021-02-07T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Arch Linux aufgenommen"
        },
        {
          "date": "2021-04-08T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-09-12T22:00:00.000+00:00",
          "number": "8",
          "summary": "Referenz(en) aufgenommen: FEDORA-2021-8093E197F4"
        },
        {
          "date": "2022-09-15T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-08-27T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-09-03T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        }
      ],
      "status": "final",
      "version": "11"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Arch Linux",
            "product": {
              "name": "Open Source Arch Linux",
              "product_id": "T013312",
              "product_identification_helper": {
                "cpe": "cpe:/o:archlinux:archlinux:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.0.9",
                "product": {
                  "name": "Open Source Drupal \u003c9.0.9",
                  "product_id": "T017787"
                }
              },
              {
                "category": "product_version",
                "name": "9.0.9",
                "product": {
                  "name": "Open Source Drupal 9.0.9",
                  "product_id": "T017787-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:drupal:drupal:9.0.9"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.9.10",
                "product": {
                  "name": "Open Source Drupal \u003c8.9.10",
                  "product_id": "T017788"
                }
              },
              {
                "category": "product_version",
                "name": "8.9.10",
                "product": {
                  "name": "Open Source Drupal 8.9.10",
                  "product_id": "T017788-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:drupal:drupal:8.9.10"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.8.12",
                "product": {
                  "name": "Open Source Drupal \u003c8.8.12",
                  "product_id": "T017789"
                }
              },
              {
                "category": "product_version",
                "name": "8.8.12",
                "product": {
                  "name": "Open Source Drupal 8.8.12",
                  "product_id": "T017789-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:drupal:drupal:8.8.12"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.75",
                "product": {
                  "name": "Open Source Drupal \u003c7.75",
                  "product_id": "T017790"
                }
              },
              {
                "category": "product_version",
                "name": "7.75",
                "product": {
                  "name": "Open Source Drupal 7.75",
                  "product_id": "T017790-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:drupal:drupal:7.75"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Drupal"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-28948",
      "notes": [
        {
          "category": "description",
          "text": "In Drupal existieren mehrere Schwachstellen im Zusammenhang mit der PEAR Archive_Tar Bibliothek. Ein authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen PHP-Code zur Ausf\u00fchrung zu bringen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T017787",
          "67646",
          "T017788",
          "T000126",
          "T017789",
          "T013312",
          "T012167",
          "T017790"
        ]
      },
      "release_date": "2020-11-25T23:00:00.000+00:00",
      "title": "CVE-2020-28948"
    },
    {
      "cve": "CVE-2020-28949",
      "notes": [
        {
          "category": "description",
          "text": "In Drupal existieren mehrere Schwachstellen im Zusammenhang mit der PEAR Archive_Tar Bibliothek. Ein authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen PHP-Code zur Ausf\u00fchrung zu bringen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T017787",
          "67646",
          "T017788",
          "T000126",
          "T017789",
          "T013312",
          "T012167",
          "T017790"
        ]
      },
      "release_date": "2020-11-25T23:00:00.000+00:00",
      "title": "CVE-2020-28949"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-28949 (GCVE-0-2020-28949)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

RHSA-2022:7340

WID-SEC-W-2022-1443

Tags

Sightings

Nomenclature