Drupal Core – Multiple Vulnerabilities

Posted on Posted in Drupal

Drupal 8.3.4 and Drupal 7.56 are maintenance releases which contain fixes for security vulnerabilities.

Description:

  • PECL YAML parser does not handle PHP objects safely during certain operations within Drupal core. This could lead to remote code execution
  • The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled
  • Files uploaded by anonymous users into a private file system can be accessed by other anonymous users

Affected versions:

  • Drupal core 7.x versions prior to 7.56
  • Drupal core 8.x versions prior to 8.3.4

Recommended action:

Origin URLs:

Leave a Reply

Your email address will not be published. Required fields are marked *