Drupal Releases Security Updates

Scheduled updates for Drupal products address two vulnerabilities

Threat ID:: CC-4083
Threat Severity:: Information only
Published:: 22 April 2022 1:56 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled updates for Drupal products address two vulnerabilities

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 9.3.12, all prior to 9.2.18

Drupal 9

Threat details

Prior versions of Drupal

Drupal 9 prior to 9.2.x and Drupal 8 are end-of-life and do not receive security coverage.

Drupal 7 is not affected.

Introduction

Drupal has released security advisories for two moderately critical vulnerabilities affecting Drupal products. The first vulnerability, which is covered in advisory sa-core-2022-008, is an improper input validation issue affecting both Drupal 9.3 and Drupal 9.2. The second advisory, sa-core-2022-009, addresses an access bypass vulnerability that only affects Drupal 9.3. An attacker could exploit these vulnerabilities to take control of an affected system.

Remediation advice

Affected organisations are encouraged to review Drupal Security Advisories sa-core-2022-008 and sa-core-2022-009 and apply the necessary update.

Definitive source of threat updates

Last edited: 22 April 2022 2:25 pm