GHSA-6rmq-x2hv-vxpp

GitHub Security Advisory

Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

In Drupal core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9, Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details.

Affected Packages

Packagist drupal/drupal
Affected versions: 7.0.0 (fixed in 7.62.0)
Packagist drupal/drupal
Affected versions: 8.0.0 (fixed in 8.5.9)
Packagist drupal/drupal
Affected versions: 8.6.0 (fixed in 8.6.6)

Related CVEs

Key Information

GHSA ID: GHSA-6rmq-x2hv-vxpp
Published: December 2, 2019 6:11 PM
Last Modified: February 5, 2024 3:41 PM
CVSS Score: 7.5/10
Primary Ecosystem: Packagist
Primary Package: drupal/drupal
GitHub Reviewed: ✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.