Overview On December 18, local time, Drupal officially issued a security advisory to announce multiple vulnerabilities in its core products, including one critical vulnerability and three medium-risk vulnerabilities. (more…)
Tag: Drupal
Drupal Access Bypass Vulnerability (CVE-2019-6342) Technical Analysis
1 Vulnerability Description Recently, Drupal released a security advisory on the remediation of an access bypass vulnerability (CVE-2019-6342). In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created. In terms of the security risk, Drupal rates the vulnerability as Critical. (more…)
Drupal Access Bypass Vulnerability (CVE-2019-6342) Threat Alert
Overview On July 17, 2019, local time, Drupal released a security advisory on the remediation of an access bypass vulnerability (CVE-2019-6342). In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created. In terms of the security risk, Drupal rates the vulnerability as Critical. (more…)
Drupal Remote Code Execution Vulnerability (CVE-2019-6340) Threat Alert
Overview Drupal released a security advisory, announcing remediation of a highly critical remote code execution vulnerability (CVE-2019-6430), which stems from some field types improperly sanitizing data from non-form sources, leading to potential execution of arbitrary PHP code. (more…)
