Lucene search
DrupalCVELIST:CVE-2019-6338HistoryJan 22, 2019 - 3:00 p.m.
CVE-2019-6338 third-party PEAR Archive_Tar library updates
2019-01-2215:00:00
drupal
www.cve.org
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details
CNA Affected
[
{
"product": "Drupal core",
"vendor": "Drupal",
"versions": [
{
"lessThan": "7.62",
"status": "affected",
"version": "7.x",
"versionType": "custom"
},
{
"lessThan": "8.6.6. ",
"status": "affected",
"version": "8.6.x",
"versionType": "custom"
},
{
"lessThan": "8.5.9",
"status": "affected",
"version": "8.5.x",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2019-6338
2019-01-22 14:29:00
CVE-2018-1000888
2018-12-28 16:29:01
cve
cve
CVE-2019-6338
2019-01-22 15:00:00
CVE-2018-1000888
2018-12-28 16:29:01
drupal
drupal
Drupal core - Critical - Third Party Libraries - SA-CORE-2019-001
2019-01-16 00:00:00
github
github
ubuntucve
ubuntucve
CVE-2019-6338
2019-01-22 00:00:00
CVE-2018-1000888
2018-12-28 00:00:00
osv
osv
Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data
2019-12-02 18:11:25
CVE-2019-6338
2019-01-22 14:29:00
Archive_Tar contains Potential RCE if filename starts with phar://
2023-07-07 13:42:43
veracode
veracode
Object Injection
2019-01-23 06:38:24
Arbitrary File Deletion
2018-12-31 01:31:32
prion
prion
Code injection
2019-01-22 14:29:00
Arbitrary file deletion
2018-12-28 16:29:00
debiancve
debiancve
CVE-2019-6338
2019-01-22 14:29:00
CVE-2018-1000888
2018-12-28 16:29:01
openvas
openvas
Debian: Security Advisory (DLA-1685-1)
2019-02-19 00:00:00
Drupal Multiple Vulnerabilities (SA-CORE-2019-001, SA-CORE-2019-002) - Linux
2019-01-18 00:00:00
nessus
nessus
Drupal 7.x < 7.62 / 8.5.x < 8.5.9 / 8.6.x < 8.6.6 Multiple Vulnerabilities (SA-CORE-2019-001, SA-CORE-2019-002)
2019-01-16 00:00:00
Debian DLA-1685-1 : drupal7 security update
2019-02-20 00:00:00
Debian DSA-4378-1 : php-pear - security update
2019-01-31 00:00:00
debian
debian
[SECURITY] [DLA 1685-1] drupal7 security update
2019-02-20 03:23:28
[SECURITY] [DSA 4378-1] php-pear security update
2019-01-30 15:44:53
[SECURITY] [DSA 4378-1] php-pear security update
2019-01-30 15:44:53
friendsofphp
friendsofphp
Potential RCE if filename starts with phar://
2018-12-20 19:11:37
Critical - Third Party Libraries
1970-01-01 00:00:00
Potential RCE if filename starts with phar://
2018-12-20 19:11:37
ubuntu
ubuntu
PEAR vulnerability
2019-01-14 00:00:00
redhatcve
redhatcve
CVE-2018-1000888
2020-01-15 03:35:00
amazon
amazon
Medium: php-pear
2019-02-13 18:35:00
alpinelinux
alpinelinux
CVE-2018-1000888
2018-12-28 16:29:01
cvelist
cvelist
CVE-2018-1000888
2018-12-27 18:00:00
packetstorm
packetstorm
PEAR Archive_Tar PHP Object Injection
2019-01-10 00:00:00
exploitpack
exploitpack
PEAR Archive_Tar 1.4.4 - PHP Object Injection
2019-01-10 00:00:00
gentoo
gentoo
PEAR Archive_Tar: Remote code execution vulnerability
2020-06-15 00:00:00
exploitdb
exploitdb
PEAR Archive_Tar < 1.4.4 - PHP Object Injection
2019-01-10 00:00:00