Drupal Releases Security Update
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Drupal has released a security update to address a critical vulnerability in a third-party library that could affect Drupal 7, 8.9, 9.1, and 9.2. Drupal core's own use of the PEAR Archive_Tar library is not vulnerable, but exploitation could happen if custom code uses the library to extract tar archives from an untrusted source. An attacker could exploit this vulnerability to take control of an affected system.
Remediation advice
Organisations are encouraged to review Drupal Advisory SA-CORE-2021-004 and apply the necessary updates or mitigations.
Last edited: 29 July 2021 3:24 pm