Decription: There will be multiple releases of Drupal contributed modules on Wednesday July 13th 2016 16:00 UTC that will fix highly critical remote code execution vulnerabilities (risk scores up to 22/25)
The following modules have security releases that are now available, listed in order of severity. There are no more releases planned for today.
- RESTWS - Highly critical - Remote code execution - SA-CONTRIB-2016-040
- Coder - Highly Critical - Remote Code Execution - SA-CONTRIB-2016-039
- Webform Multiple File Upload - Critical - Remote Code Execution - SA-CONTRIB-2016-038
Affected versions: 7.x
Recommended action: The Drupal Security Team urges you to reserve time for module updates at that time because exploits are expected to be developed within hours/days.