Drupal Releases Security Updates

Threat ID:: CC-3947
Threat Severity:: Information only
Published:: 20 September 2021 11:48 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Affected platforms

The following platforms are known to be affected:

Versions: all 8.9.x prior to 8.9.19

Drupal 8

Versions: all 9.1.x prior to 9.1.13, and all 9.2.x prior to 9.2.6

Drupal 9

Threat details

Introduction

Drupal has released security updates to address multiple vulnerabilities affecting Drupal 8.9, 9.1, and 9.2. An attacker could exploit these vulnerabilities to take control of an affected system.

Remediation advice

Affected organisations are encouraged to review the Drupal Security Advisories and apply the necessary updates.

Remediation steps

Type	Step
Patch	Drupal core - Moderately critical - Cross Site Request Forgery - SA-CORE-2021-006 https://www.drupal.org/sa-core-2021-006
Patch	Drupal core - Moderately critical - Cross Site Request Forgery - SA-CORE-2021-007 https://www.drupal.org/sa-core-2021-007
Patch	Drupal core - Moderately critical - Access bypass - SA-CORE-2021-008 https://www.drupal.org/sa-core-2021-008
Patch	Drupal core - Moderately critical - Access bypass - SA-CORE-2021-009 https://www.drupal.org/sa-core-2021-009
Patch	Drupal core - Moderately critical - Access Bypass - SA-CORE-2021-010 https://www.drupal.org/sa-core-2021-010

Last edited: 20 September 2021 12:00 pm