Boletines de Vulnerabilidades

Drupal core - Critical - Drupal core - Critical - Third-party libraries - SA-CORE-2021-004


Información sobre el sistema

   
Software afectado Drupal

Descripción

Project: Drupal coreDate: 2021-July-21Security risk: Critical 15∕25 AC:Complex/A:User/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Drupal core - Critical - Third-party librariesCVE IDs: CVE-2021-32610Description: The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal.The vulnerability is mitigated by the fact that Drupal cores use of the Archive_Tar library is not vulnerable, as it does not permit symlinks.Exploitation may

More info:

https://www.drupal.org/sa-core-2021-004

Identificadores estándar

Propiedad Valor
CVE CVE-2021-32610.

Histórico de versiones

Versión Comentario Fecha
1.0 Advisory issued 2022-05-26

Miembros de

Ministerio de Defensa
CNI
CCN
CCN-CERT