Drupal Deserialization of Untrusted Data Vulnerability - CVE-2020-28948 - Vulnerability Database

Drupal Deserialization of Untrusted Data Vulnerability - CVE-2020-28948

High

Reference: CVE-2020-28948

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-28948

Title: Drupal Deserialization of Untrusted Data Vulnerability

Overview:

Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.