Advisory: Drupal fixes multiple vulnerabilities
January 2, 2020
Overview
On December 18, local time, Drupal officially issued a security advisory to announce multiple vulnerabilities in its core products, including one critical vulnerability and three medium-risk vulnerabilities. (more…)
Drupal Access Bypass Vulnerability (CVE-2019-6342) Technical Analysis
August 5, 2019
1 Vulnerability Description
Recently, Drupal released a security advisory on the remediation of an access bypass vulnerability (CVE-2019-6342). In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created. In terms of the security risk, Drupal rates the vulnerability as Critical. (more…)
Drupal Access Bypass Vulnerability (CVE-2019-6342) Threat Alert
July 31, 2019
Overview
On July 17, 2019, local time, Drupal released a security advisory on the remediation of an access bypass vulnerability (CVE-2019-6342). In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created. In terms of the security risk, Drupal rates the vulnerability as Critical. (more…)
Drupal Remote Code Execution Vulnerability (CVE-2019-6340) Threat Alert
March 2, 2019
Overview
Drupal released a security advisory, announcing remediation of a highly critical remote code execution vulnerability (CVE-2019-6430), which stems from some field types improperly sanitizing data from non-form sources, leading to potential execution of arbitrary PHP code. (more…)
