High severityNVD Advisory· Published Jan 22, 2019· Updated Sep 16, 2024
third-party PEAR Archive_Tar library updates
CVE-2019-6338
Description
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
drupal/drupalPackagist | >= 7.0.0, < 7.62.0 | 7.62.0 |
drupal/drupalPackagist | >= 8.0.0, < 8.5.9 | 8.5.9 |
drupal/drupalPackagist | >= 8.6.0, < 8.6.6 | 8.6.6 |
Affected products
2- Range: 7.x
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-6rmq-x2hv-vxppghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-6338ghsaADVISORY
- www.debian.org/security/2019/dsa-4370ghsavendor-advisoryx_refsource_DEBIANWEB
- www.securityfocus.com/bid/106706ghsavdb-entryx_refsource_BIDWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6338.yamlghsaWEB
- lists.debian.org/debian-lts-announce/2019/02/msg00032.htmlghsamailing-listx_refsource_MLISTWEB
- www.drupal.org/sa-core-2019-001ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.