What is New
Drupal core - Critical - Third-party libraries - SA-CORE-2021-001
2021-January-20
The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. For more information please see: Exploits may be possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.
Presented by: Drupal Security advisories
Drupal core - Critical - Arbitrary PHP code execution
2020-November-25
The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948 CVE-2020-28949 Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.
Presented by: Drupal Security advisories