cbcvebase.
CVE-2019-6338
published 2019-01-22

CVE-2019-6338: In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This…

PriorityP338high8CVSS 3.0
AVNACLPRLUIRSUCHIHAH
EPSS
2.27%
80.9th percentile
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details

Affected

11 ranges
VendorProductVersion rangeFixed in
debiandebian_linux
debiandebian_linux
drupalcore>= 8.0.0 < 8.5.98.5.9
drupalcore>= 8.6.0 < 8.6.68.6.6
drupaldrupal>= 7.0 < 7.627.62
drupaldrupal>= 7.0.0 < 7.62.07.62.0
drupaldrupal>= 8.0.0 < 8.5.98.5.9
drupaldrupal>= 8.5.0 < 8.5.98.5.9
drupaldrupal>= 8.6.0 < 8.6.68.6.6
drupaldrupal>= 8.6.0 < 8.6.68.6.6
drupaldrupal_core

CVSS provenance

nvdv3.08.0HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.0MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:P
ghsa8.8HIGH
osv8.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.