In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| drupal/drupal(Packagist) | 7.0.0 | 7.62.0 | N/A |
| drupal/drupal(Packagist) | 8.0.0 | 8.5.9 | N/A |
| drupal/drupal(Packagist) | 8.6.0 | 8.6.6 | N/A |
CVSS Metrics
