AVG-1463 log
| Package | drupal |
| Status | Fixed |
| Severity | Critical |
| Type | multiple issues |
| Affected | 9.0.6-2 |
| Fixed | 9.1.7-1 |
| Current | 10.2.4-1 [extra] |
| Ticket | None |
| Created | Tue Jan 19 08:56:22 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2020-36193 | Medium | Yes | Directory traversal | Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to... |
| CVE-2020-13672 | Critical | Yes | Cross-site scripting | Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. The issue is fixed in Drupal versions 9.1.7,... |
| Notes |
|---|
Drupal version 9.1.7 bundles Archive_Tar version 1.4.13. |