6 matches found
Drupal 7.x < 7.78 / 8.9.x < 8.9.13 / 9.x < 9.0.11 / 9.1.x < 9.1.3 Directory Traversal (SA-CORE-2021-001)
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.78, 8.9.x prior to 8.9.13, 9.x prior to 9.0.11, or 9.1.x prior to 9.1.3. It is, therefore, affected by a vulnerability. - Tar.php in ArchiveTar through 1.4.11 allows write operations...
Security Bulletin: IBM API Connect is impacted by a directory traversal vulnerability in Drupal core SA-CORE-2021-001 (CVE-2020-36193)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-36193 DESCRIPTION: ArchiveTar could allow a remote attacker to traverse directories on the system, caused by inadequate checking of symbolic links. An attacker could send a specially-crafted U...
Drupal 7.x, 8.x, 9.x Archive_Tar library Vulnerability (SA-CORE-2021-001) - Windows
Drupal is prone to a vulnerability in the ArchiveTar library. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...
Drupal 7.x, 8.x, 9.x Archive_Tar library Vulnerability (SA-CORE-2021-001) - Linux
Drupal is prone to a vulnerability in the ArchiveTar library. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...
Drupal Releases Security Updates
Drupal has released security updates to address a vulnerability affecting Drupal. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal Advisory SA-CORE-2021-001 and apply the necessary updates or mitigations...
Drupal core - Critical - Third-party libraries - SA-CORE-2021-001
The Drupal project uses the pear ArchiveTar library, which has released a security update that impacts Drupal. For more information please see: CVE-2020-36193 Exploits may be possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them...