PT-2024-40220

Published: 2024-05-15 · Updated: 2024-05-15
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Drupal (affected versions not specified)
Description: The issue stems from Drupal's use of the third-party library Archive Tar, which has released a security fix. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and then processes those archives. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents in which this issue was exploited.
Recommendations: Update Drupal to the latest version, which mitigates the file-processing vulnerabilities by updating Archive Tar to 1.4.9. As a temporary workaround, restrict file uploads so that .tar, .tar.gz, .bz2, and .tlz files are not accepted until the update has been applied.


Related Identifiers

GHSA-98H9-727M-44QV

Affected Products

Archive Tar
Drupal