PT-2024-40367 · Unknown+1 · Archive Tar+1
Published
2024-05-15
·
Updated
2024-05-15
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Drupal versions prior to the latest version that updates Archive Tar to 1.4.9
Description
The issue arises from the use of the third-party library Archive Tar, which has released a security improvement. Multiple vulnerabilities are possible if Drupal is configured to allow file uploads of certain types, such as .tar, .tar.gz, .bz2, or .tlz, and processes them.
Recommendations
For versions prior to the latest version that updates Archive Tar to 1.4.9, update Drupal to the latest version to mitigate the file processing vulnerabilities.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Archive Tar
Drupal