The Latest in IT Security

Drupal Patches Three Vulnerabilities in Core Engine

23
Jun
2017

drupal-patches-three-vulnerabilities-in-core-engine

Developers with Drupal patched three vulnerabilities, one critical, one being exploited in the wild, in Drupal’s core engine on Wednesday.

The most pressing issue addressed by the update, which brings Drupal 8 to version 8.3.4 and Drupal 7 to Drupal 7.56, could have led to code execution, the content management software’s security team warned. The YAML parser in Drupal 8, PECL, failed to handle PHP objects safely during operations with Drupal Core, according to the advisory. That could have opened it up to remote code execution.

Related posts:
  1. Critical Vulnerabilities Fixed in Drupal 7.29 and 6.32
  2. Cisco Patches XXE, DOS, Code Execution Vulnerabilities
  3. Drupal Patches Flaw Exploited in Spam Campaigns
  4. Drupal 7.27 and 6.31 Released to Fix Information Disclosure Vulnerability
  5. Drupal sites at risk due to insecure update mechanism

Read More

Tags:  
Written by Threatpost
0 Comments

Leave a reply


Categories

SUNDAY, FEBRUARY 23, 2025
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments