From securityaffairs.co
The Drupal development team has released security updates to address the CVE-2020-36193 vulnerability in the PEAR Archive_Tar third-party library.
The PEAR Archive_Tar class provides handling of tar files in PHP. It supports creating, listing, extracting, and adding to tar files.
The developers released core patches for the version 9.1, 9.0, 8.9, and 7 of the popular CMS.