third-party PEAR Archive_Tar library updates
CVE-2019-6338

8HIGH

Key Information:

Vendor: Drupal
Status: Drupal Core
Vendor: CVE Published:; 22 January 2019

Summary

In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details

Affected Version(s)

Drupal core 7.x < 7.62

Drupal core 8.6.x < 8.6.6.

Drupal core 8.5.x < 8.5.9

References

https://www.drupal.org/sa-core-2019-001

x_refsource_CONFIRM

https://www.debian.org/security/2019/dsa-4370

vendor-advisoryx_refsource_DEBIAN

https://lists.debian.org/debian-lts-announce/2019/02/msg0...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 22, 2019
Vulnerability Reserved
Jan 15, 2019

.