Drupal

Advisory: Drupal fixes multiple vulnerabilities

January 2, 2020

Overview

On December 18, local time, Drupal officially issued a security advisory to announce multiple vulnerabilities in its core products, including one critical vulnerability and three medium-risk vulnerabilities. (more…)

Drupal Access Bypass Vulnerability (CVE-2019-6342) Technical Analysis

August 5, 2019

1 Vulnerability Description

Recently, Drupal released a security advisory on the remediation of an access bypass vulnerability (CVE-2019-6342). In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created. In terms of the security risk, Drupal rates the vulnerability as Critical. (more…)

Drupal Access Bypass Vulnerability (CVE-2019-6342) Threat Alert

July 31, 2019

Overview

On July 17, 2019, local time, Drupal released a security advisory on the remediation of an access bypass vulnerability (CVE-2019-6342). In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created. In terms of the security risk, Drupal rates the vulnerability as Critical. (more…)

Drupal Remote Code Execution Vulnerability (CVE-2019-6340) Threat Alert

March 2, 2019

Overview

Drupal released a security advisory, announcing remediation of a highly critical remote code execution vulnerability (CVE-2019-6430), which stems from some field types improperly sanitizing data from non-form sources, leading to potential execution of arbitrary PHP code. (more…)