CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
98.7%
The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. For more information please see: CVE-2020-36193 Exploits may be possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36193
www.drupal.org/project/drupal/releases/7.78
www.drupal.org/project/drupal/releases/8.9.13
www.drupal.org/project/drupal/releases/9.0.11
www.drupal.org/project/drupal/releases/9.1.3
www.drupal.org/user/102818
www.drupal.org/user/1771466
www.drupal.org/user/2485138
www.drupal.org/user/255969
www.drupal.org/user/36762
www.drupal.org/user/370574
www.drupal.org/user/395439
www.drupal.org/user/55284
www.drupal.org/user/65776
www.drupal.org/user/93488
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
98.7%