Bug 1900795 (CVE-2020-13671)

Summary: CVE-2020-13671 drupal: improper filename sanitization can lead to remote code execution
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: gwync, jsmith.fedora, peter.borsa, shawn, stickster
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-09-10 13:21:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1900796, 1900797, 1900798    
Bug Blocks:    

Description Guilherme de Almeida Suckevicz 2020-11-23 17:46:03 UTC 
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.

Reference:
https://www.drupal.org/sa-core-2020-012
Comment 1 Guilherme de Almeida Suckevicz 2020-11-23 17:46:39 UTC 
Created drupal7 tracking bugs for this issue:

Affects: epel-7 [bug 1900798]
Affects: fedora-all [bug 1900797]


Created drupal8 tracking bugs for this issue:

Affects: fedora-all [bug 1900796]
Comment 2 Shawn Iwinski 2021-09-10 04:16:40 UTC 
All dependant bugs have been closed... please close this bug