AVG-1463 log

Package drupal
Status Fixed
Severity Critical
Type multiple issues
Affected 9.0.6-2
Fixed 9.1.7-1
Current 10.2.4-1 [extra]
Ticket None
Created Tue Jan 19 08:56:22 2021
Issue Severity Remote Type Description
CVE-2020-36193 Medium Yes Directory traversal
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to...
CVE-2020-13672 Critical Yes Cross-site scripting
Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. The issue is fixed in Drupal versions 9.1.7,...
Drupal version 9.1.7 bundles Archive_Tar version 1.4.13.