Out-of-band Drupal security updates fix bugs with known exploits – Help Net Security
Drupal has launched out-of-band protection updates to correct two essential code execution flaws (CVE-2020-28948, CVE-2020-28949) in Drupal core, as “there are recognised exploits for one particular of core’s dependencies and some configurations of Drupal are susceptible.” The vulnerabilities (CVE-2020-28948, CVE-2020-28949) CVE-2020-28948 and CVE-2020-28949 are arbitrary PHP code execution vulnerabilities identified in the open up resource PEAR Archive_Tar library, which Drupal employs to cope with TAR information in PHP. “(The) vulnerabilities are feasible if Drupal is configured to allow for … Far more
The publish Out-of-band Drupal protection updates repair bugs with known exploits appeared to start with on Enable Internet Protection.
