Archive uploads could be dangerous for Drupal websites
Source: Heise.de added 22nd Jan 2021
A library that uses the Drupal CMS is faulty and endangers websites with certain configurations. Security updates are available. Admins can also use a workaround to protect pages against such attacks.
In a warning message from the developer as ” critical “classified gap (CVE – 2020 – 36193) can be found in the pear-Archive_Tar library. The library takes care of the processing of compressed archives like .tar. After a successful attack, attackers could write to web servers (directory traversal).
Install update Websites are only threatened if the upload of such files is permitted. If admins deactivate the function, pages are not at risk. Alternatively, install one of the secured versions 7. 78 , 8.9. 13, 9.0. 11 or 9.1.3 . The developers point out that support for versions younger than 8.9.x has expired. These issues will no longer receive security updates.
(des)
brands: 11 longer One media: Heise.de
Related posts
Notice: Undefined variable: all_related in /var/www/vhosts/rondea.com/httpdocs/wp-content/themes/rondea-2-0/single-article.php on line 88
Notice: Undefined variable: all_related in /var/www/vhosts/rondea.com/httpdocs/wp-content/themes/rondea-2-0/single-article.php on line 88
Related Products
Notice: Undefined variable: all_related in /var/www/vhosts/rondea.com/httpdocs/wp-content/themes/rondea-2-0/single-article.php on line 91
Warning: Invalid argument supplied for foreach() in /var/www/vhosts/rondea.com/httpdocs/wp-content/themes/rondea-2-0/single-article.php on line 91