Drupal Issues Fix for Critical Vulnerability with Known Exploits

Drupal Issues Fix for Critical Vulnerability

Drupal releases a security update to address a critical vulnerability in a third-party library with documented exploits available in the wild.

“The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal,” the Drupal security team said.

As per Drupal’s security advisory, the vulnerability results from a bug in the PEAR Archive_Tar library used by the CMS tracked as CVE-2020-36193. The bug causes out-of-path extraction vulnerabilities via “write operations with Directory Traversal due to inadequate checking of symbolic links.”

To Read More:  Bleepingcomputer