Description:
Drupal released security update to fix the vulnerability in Phar Stream Wrapper package which are included in the Drupal core. A remote attacker could exploit the vulnerability to bypass the protection against insecure deserialisation.
Affected Systems:
- Drupal version 7.x, 8.6.x, 8.7.x
Impact:
A successful attack could lead to remote code execution on an affected system.
Recommendation:
The product vendor has released patches to address the issues.
https://www.drupal.org/project/drupal/releases/8.7.1
https://www.drupal.org/project/drupal/releases/8.6.16
https://www.drupal.org/project/drupal/releases/7.67
More Information:
https://www.drupal.org/sa-core-2019-007
