Description:
The Drupal project uses the pear Archive_Tar library, which has released a
security update that impacts Drupal. For more information please see:
* CVE-2020-36193 [3]
Exploits may be possible if Drupal is configured to allow .tar, .tar.gz,
.bz2, or .tlz file uploads and processes them.
Solution:
Install the latest version:
If you are using Drupal 9.1, update to Drupal 9.1.3 [4].
If you are using Drupal 9.0, update to Drupal 9.0.11 [5].
If you are using Drupal 8.9, update to Drupal 8.9.13 [6].
If you are using Drupal 7, update to Drupal 7.78 [7].
Versions of Drupal 8 prior to 8.9.x are end-of-life and do not receive
security coverage.
Security Advisory - https://www.drupal.org/sa-core-2021-001 Project: Drupal core [1] Date: 2021-January-20 Security risk: Critical 18∕25 AC:Complex/A:User/CI:All/II:All/E:Exploit/TD:Uncommon [2] Vulnerability: Third-party libraries
Description: The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. For more information please see:
* CVE-2020-36193 [3]
Exploits may be possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.
Solution: Install the latest version:
Versions of Drupal 8 prior to 8.9.x are end-of-life and do not receive security coverage.