Drupal Core announced multiple critical vulnerabilities
that impact some of its configurations for
versions: 8.8.x-dev, 8.7.x-dev, and 7.x-dev.
The Drupal project uses the
third-party library Archive_Tar,
which released a security update – SA-CORE-2019-012, according to a Dec. 18
Multiple vulnerabilities are
possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file
uploads and processes them.
The latest versions of Drupal
update Archive_Tar to 1.4.9 to mitigate the file processing
also advises users to install the latest
- If you are using Drupal 7.x, upgrade to Drupal 7.69.
- If you are using Drupal 8.7.x, upgrade to Drupal 8.7.11.
- If you are using Drupal 8.8.x, upgrade to Drupal 8.8.1.
addition, updating to the Drupal 7.x core release will apply the fixes for all the
The post Drupal’s Archive Tar patches multiple crititical vulnerabilities appeared first on SC Media.