Problem A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. Apply the appropriate update for your version of Drupal as soon as possible after appropriate testing.
The product vendor has released patches to address the issues. Drupal has released updates to mitigate the vulnerability. All versions of Drupal 9 prior to 9.4.x are end-of-life and do not receive security coverage. If you are using Drupal 7, update to Drupal 7.96. If you are using Drupal 9.4, update to Drupal 9.4.14. If you are using Drupal 9.5, update to Drupal 9.5.8.
#Drupal core update vulnerability install
Updating your existing Drupal 8 sites is strongly. Solution: Install the latest version: If you are using Drupal 10.0, update to Drupal 10.0.8. A new update for WordPress has been released which features security and bug fixes in WordPress 6.2.1. Description: Drupal 8.3.7 is a maintenance release which contain fixes for security vulnerabilities. Drupal announced two vulnerabilities affecting versions 9.2 and 9.3 that could allow an attacker to upload malicious files and take control of a site. Users should arrange upgrading the Drupal to supported versions or migrating to other supported technology.Ī successful attack could lead to cross site scripting on an affected system. WordPress 6.2.1 Security & Maintenance Release.
No security updates will be provided after that. Please note that Drupal 8 prior to version 8.9.x has reached its End-Of-Life (EOL). A remote attacker may send specially crafted API requests to a vulnerable system to exploit the vulnerability. Drupal has released a security advisory to address a vulnerability of improper sanitisation of API requests in Drupal Core.
0 kommentar(er)
