Daily Gaming news, videos, reviews, tips & guides. Let's share our love of BigN games!

The Drupal panel removes dangerous security holes in the CMS

The Drupal panel removes dangerous security holes in the CMS

Newer versions of Drupal 7, 8.x and 9.x eliminate a security issue classified as critical by the Drupal team, based on a programming bug in the class using Drupal Archive_thar PEAR from the PHP Program Library. Archive_dor has an update, and as a result is integrated into the Drupal hub. Drupal users must switch to protected versions.

The vulnerability of the CVE-2021-32610 ID is that it activates attacks that travel the path using code links also known as simlinks. By entering certain URLs, attackers can gain unauthorized access to confidential content when they are called travelers. Any files or directories are particularly vulnerable in the case of Drupal Drupal-Advisory SA-CORE-2021-004 Not found though.

Drupal can only be attacked under certain conditions, and the developers should be advised: Simlings required for the attack are not allowed within the framework of the Drupal core archive application. However, modules from your own program code or from third-party providers (“contribution or custom code”) may target CMS – if this code is used to open tar archives from suspicious sources.

The Drupal panel recommends depending on the version series used Update to Drupal 7.82, 8.9.17, 9.1.11 or 9.2.2. The protected versions mentioned are attached in the advice mentioned above.

The PEAR team made improvements against CVE-2021-32610 last Tuesday: Archive_thar version 1.4.14 is available Should be used immediately by security conscious developers.


Home page