vulnerability
FreeBSD: VID-9b8a52fc-89c1-11e9-9ba0-4c72b94353b5: drupal -- Drupal core - Moderately critical
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Jun 8, 2019 | Jun 8, 2019 | Dec 10, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Jun 8, 2019
Added
Jun 8, 2019
Modified
Dec 10, 2025
Description
Drupal Security Team reports: CVE-2019-11831: By-passing protection of Phar Stream Wrapper Interceptor. In order to intercept file invocations like file_exists or stat on compromised Phar archives the base name has to be determined and checked before allowing to be handled by PHP Phar stream handling. The current implementation is vulnerable to path traversal leading to scenarios where the Phar archive to be assessed is not the actual (compromised) file.
Solutions
freebsd-upgrade-package-drupal7freebsd-upgrade-package-drupal8
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.