Home / Content / Critical Update (SA-CORE-2021-001) for Drupal

Critical Update (SA-CORE-2021-001) for Drupal

Submitted by admin on Fri, 01/22/2021 - 13:30

The Drupal Security Team has released a Security Update which addresses a vulnerability affecting Drupal. An attacker may exploit this vulnerability to take control if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.

The Solution: 

Install the latest version:

Versions of Drupal 8 prior to 8.9.x are end-of-life and do not receive security coverage.

Disable uploads of .tar, .tar.gz, .bz2, or .tlz files to mitigate the vulnerability.

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.