What is CVE-2020-28948?

CVE-2020-28948 is a vulnerability in N/a. Published 2020-11-19.

Is CVE-2020-28948 known to be exploited?

15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

CVE-2020-28948

Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.

EPSS: 0.769 (99.0th percentile) — read the EPSS interpretation.

github.com/pear/Archive_Tar/issues/33 (x_refsource_MISC)
www.drupal.org/sa-core-2020-013 (x_refsource_CONFIRM)
[debian-lts-announce] 20201127 [SECURITY] [DLA 2466-1] drupal7 security update (mailing-list, x_refsource_MLIST)
FEDORA-2020-f351eb14e3 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2020-5271a896ff (vendor-advisory, x_refsource_FEDORA)
FEDORA-2020-6f1079934c (vendor-advisory, x_refsource_FEDORA)
FEDORA-2020-d50d74d6f2 (vendor-advisory, x_refsource_FEDORA)
DSA-4817 (vendor-advisory, x_refsource_DEBIAN)
GLSA-202101-23 (vendor-advisory, x_refsource_GENTOO)
FEDORA-2021-8093e197f4 (vendor-advisory, x_refsource_FEDORA)

What is CVE-2020-28948?: CVE-2020-28948 is a vulnerability in N/a. Published 2020-11-19.
Is CVE-2020-28948 known to be exploited?: 15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.