Drupal published a security advisory to address a vulnerability in the Drupal products. The details of security update can be found at:
https://www.drupal.org/sa-core-2024-001
Please note that systems without the Comment module are not affected. For detailed information of the affected systems, please refer to the sections "Affected versions" and "Description" of corresponding security advisory at vendor's website.
Please note that Drupal 8, Drupal 9 and Drupal 10 prior to version 10.1 have reached End-Of-Life (EOL). No security updates will be provided after that. System administrators should arrange upgrading the Drupal to supported versions or migrating to other supported technology.
Successful exploitation of the vulnerability could lead to denial of service on an affected system.
Patches for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.
Drupal 10.1.8
https://www.drupal.org/project/drupal/releases/10.1.8
Drupal 10.2.2
https://www.drupal.org/project/drupal/releases/10.2.2