Read the original article: Out-of-band Drupal security updates fix bugs with known exploits
Drupal has released out-of-band security updates to fix two critical code execution flaws (CVE-2020-28948, CVE-2020-28949) in Drupal core, as “there are known exploits for one of core’s dependencies and some configurations of Drupal are vulnerable.” The vulnerabilities (CVE-2020-28948, CVE-2020-28949) CVE-2020-28948 and CVE-2020-28949 are arbitrary PHP code execution vulnerabilities found in the open source PEAR Archive_Tar library, which Drupal uses to handle TAR files in PHP. “(The) vulnerabilities are possible if Drupal is configured to allow … More
The post Out-of-band Drupal security updates fix bugs with known exploits appeared first on Help Net Security.
Read the original article: Out-of-band Drupal security updates fix bugs with known exploits