Out-of-band Drupal security updates fix bugs with known exploits

Drupal has released out-of-band security updates to fix two critical code execution flaws (CVE-2020-28948, CVE-2020-28949) in Drupal core, as “there are known exploits for one of core’s dependencies and some configurations of Drupal are vulnerable.”

The vulnerabilities (CVE-2020-28948, CVE-2020-28949)

CVE-2020-28948 and CVE-2020-28949 are arbitrary PHP code execution vulnerabilities found in the open source PEAR Archive_Tar library, which Drupal uses to handle TAR files in PHP. “(The) vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them,” the Drupal Security Team explained.

Read full article on Help Net Security

 

