Security Alert (A19-05-03): Vulnerability in Drupal


 

Published on: 09 May 2019

  
  

Description:

Drupal released security update to fix the vulnerability in Phar Stream Wrapper package which are included in the Drupal core. A remote attacker could exploit the vulnerability to bypass the protection against insecure deserialisation.

 

Affected Systems:

  • Drupal version 7.x, 8.6.x, 8.7.x

 

Impact:

A successful attack could lead to remote code execution on an affected system.

 

Recommendation:

The product vendor has released patches to address the issues.

  • Drupal 8.7.1

https://www.drupal.org/project/drupal/releases/8.7.1

  • Drupal 8.6.15

https://www.drupal.org/project/drupal/releases/8.6.16

  • Drupal 7.67

https://www.drupal.org/project/drupal/releases/7.67

 

More Information:

https://www.drupal.org/sa-core-2019-007

 



Tag: Drupal
Tags