DRUPAL-CORE-2020-013
The Drupal project uses the PEAR Archive\Tar library. The PEAR Archive\Tar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948 CVE-2020-28949 Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz...