Drupal has published a security advisory to address a vulnerability found in Drupal core. Remote and unprivileged attackers could exploit the vulnerability to run arbitrary code on affected systems.
Successful exploitation of the vulnerability could lead to remote code execution and compromise of integrity of data on an affected system.
Drupal has released new versions of the product to address the issues and they can be downloaded at the following URLs:
Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://www.drupal.org/sa-core-2018-002
https://www.us-cert.gov/ncas/current-activity/2018/03/28/Drupal-Releases-Critical-Security-Updates
https://www.hkcert.org/my_url/en/alert/18032901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600