Drupal’s Archive Tar patches multiple crititical vulnerabilities

Drupal Core announced multiple critical vulnerabilities that impact some of its configurations for versions: 8.8.x-dev, 8.7.x-dev, and 7.x-dev.

The Drupal project uses the third-party library Archive_Tar, which released a security update – SA-CORE-2019-012, according to a Dec. 18 advisory.

Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and

...continue reading...

Source: SC Magazine / Article: "Drupal’s Archive Tar patches multiple crititical vulnerabilities"