Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: Drupal: Patch released today to fix a highly critical RCE in contributed modules - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Drupal: Patch released today to fix a highly critical RCE in contributed modules

Drupal announced that they will release today (Wed July 13th 2016 16:00 UTC) a patch that will fix highly critical remote code execution vulnerabilities in contributed modules. Drupal core is not affected.

The vulnerability is a "PHP Arbitrary Code Execution" and is rated up to 22/25 (based on risk calculation model used by Drupal - details here). The vulnerable modules are used on between 1.000 and 10.000 instances.

If you maintain one or more Drupal websites, review the list of affected contributed modules and apply the patch as soon as possible if you're affected.

Link to the advisory ID: DRUPAL-PSA-2016-001

Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant
PGP Key

Xme

455 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!