Industry News

Drupal patches two critical vulnerabilities

The Drupal Security Team issued updates for a pair of critical flaws, one allowing remote code execution and another giving access to parts of the system without full administrative permissions.
 
The first critical issue is cross-site scripting in exceptions, which would allow an attacker who created a specially crafted URL to execute arbitrary code in a victim's browser. This vulnerability existed because Drupal was not properly sanitizing an exception. The second would allow unauthorized users to download a full config report, which should normally be limited to those with the export configuration permission.
 
A less critical problem was also patched, stopping users who only have rights to edit a node from being able to set the visibility of comments for that node.
 
The updates are listed under advisory DRUPAL-SA-CORE-2016-004. The vulnerabilities affect Drupal version 8.x and are patched by upgrading to version 8.1.10.
 
 
 
Source: scmagazine.com
