2 matches found
DRUPAL-CORE-2021-004
The Drupal project uses the pear Archive\Tar library, which has released a security update that impacts Drupal. The vulnerability is mitigated by the fact that Drupal core's use of the Archive\Tar library is not vulnerable, as it does not permit symlinks. Exploitation may be possible if contrib o...
DRUPAL-CORE-2020-013
The Drupal project uses the PEAR Archive\Tar library. The PEAR Archive\Tar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948 CVE-2020-28949 Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz...