CVE-2019-6338: Deserialization of Untrusted Data

January 22, 2019 (updated October 9, 2019)

Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details.

References

www.drupal.org/sa-core-2019-001

Detect and mitigate CVE-2019-6338 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →