logo

Database

Insecure file upload In drupal/core

Description

Drupal core unrestricted file upload Drupal 8 core's file_save_upload() function does not strip the leading and trailing dot ('.') from filenames, like Drupal 7 did.

Users with the ability to upload files with any extension in conjunction with contributed modules may be able to use this to upload system files such as .htaccess in order to bypass protections afforded by Drupal's default .htaccess file.

After this fix, file_save_upload() now trims leading and trailing dots from filenames.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GCVE-GHSA-7gwj-7fhm-vw4w

References

1. https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2019-12-18-2.yaml2. https://www.drupal.org/sa-core-2019-010

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.