CVE-2020-13664
https://notcve.org/view.php?id=CVE-2020-13664
Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability. Windows servers are most likely to be affected. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.1 versions prior to 9.0.1. • https://www.drupal.org/sa-core-2020-005 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2020-13665
https://notcve.org/view.php?id=CVE-2020-13665
Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.x versions prior to 9.0.1. Una vulnerabilidad de omisión de acceso en Drupal Core permite JSON:API cuando JSON:API está en modo de lectura y escritura. Solo los sitios que tienen read_only ajustado en FALSE bajo la configuración jsonapi.settings son vulnerables. • https://www.drupal.org/sa-core-2020-006 •
CVE-2020-13666
https://notcve.org/view.php?id=CVE-2020-13666
Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. Una vulnerabilidad de tipo cross-site scripting en Drupal Core. La API de Drupal AJAX no deshabilita JSONP por defecto, permitiendo un ataque de tipo XSS. • https://www.drupal.org/sa-core-2020-007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-36193 – PEAR Archive_Tar Improper Link Resolution Vulnerability
https://notcve.org/view.php?id=CVE-2020-36193
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. El archivo Tar.php en Archive_Tar versiones hasta 1.4.11, permite operaciones de escritura con Salto de Directorio debido a una comprobación inadecuada de enlaces simbólicos, un problema relacionado al CVE-2020-28948 A flaw was found in the Archive_Tar package. Archive_Tar could allow a remote attacker to traverse directories on the system caused by inadequate checking of symbolic links. An attacker could send a specially-crafted URL request to the Tar.php script containing "dot dot" sequences (/../) to modify arbitrary files on the system. PEAR Archive_Tar Tar.php allows write operations with directory traversal due to inadequate checking of symbolic links. • https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916 https://lists.debian.org/debian-lts-announce/2021/01/msg00018.html https://lists.debian.org/debian-lts-announce/2021/04/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2020-13671 – Drupal core Un-restricted Upload of File
https://notcve.org/view.php?id=CVE-2020-13671
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74. Drupal core no sanea apropiadamente determinados nombres de archivo en los archivos cargados, lo que puede conllevar a unos archivos ser interpretados como la extensión incorrecta y servir como el tipo MIME incorrecto o ser ejecutados como PHP para determinadas configuraciones de alojamiento. Este problema afecta: Drupal Drupal Core versiones 9.0 anteriores a 9.0.8, versiones 8.9 anteriores a 8.9.9, versiones 8.8 anteriores a 8.8.11 y versiones 7 anteriores a 7.74 Improper sanitization in the extension file names is present in Drupal core. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT https://www.drupal.org/sa-core-2020-012 • CWE-434: Unrestricted Upload of File with Dangerous Type •