Drupal releases a security update to address a critical vulnerability in a third-party library with documented exploits available in the wild.
“The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal,” the Drupal security team said.
As per Drupal’s security advisory, the vulnerability results from a bug in the PEAR Archive_Tar library used by the CMS tracked as CVE-2020-36193. The bug causes out-of-path extraction vulnerabilities via “write operations with Directory Traversal due to inadequate checking of symbolic links.”
To Read More: Bleepingcomputer