Patch Now! Multiple Serious Flaws Found in Drupal

Drupal maintainers have distributed patches for five security vulnerabilities which includes 2 'critical'. The two critical flaws allow remote code execution in Drupal versions 7.x and 8.x. There are three moderate flaws that also affect Drupal 7 and 8 and can be used for cache poisoning attacks, entering an open redirect path to malicious URLs and a content moderation access bypass. The recommendation is to upgrade 7.x to 7.60, 8.6.x to 8.6.2, and 8.5.x or earlier to 8.5.8.


Relevant URL(s): https://nakedsecurity.sophos.com/2018/10/23/patch-now-multiple-serious-flaws-found-in-drupal/