Note that QuickEdit module is enabled by default with the Drupal standard installation profile. Only sites that use the modules mentioned above are affected. JSON:API module: Fixes an access bypass vulnerability that the module also did not properly check the field access in certain circumstances.ĬVE ID: CVE-2020-13677 / : SA-CORE-2021-010. QuickEdit module: Fixes an access bypass vulnerability that the access to fields were not validated in certain circumstances.ĬVE ID: CVE-2020-13676 / : SA-CORE-2021-009. JSON:API module: When used along with the REST/File module, this security fixes a prior access bypass vulnerability that might allow an attacker to allow upload files bypassing the validation rules.ĬVE ID: CVE-2020-13675 / : SA-CORE-2021-008 QuickEdit module: Fixes a cross-site request forgery vulnerability where the module did not properly validate its URI endpoints.ĬVE ID: CVE-2020-13674 / : SA-CORE-2021-007 Media module: Fixes a cross-site request forgery vulnerability that a user with permission to embed media could inject HTML.ĬVE ID: CVE-2020-13673 / : SA-CORE-2021-006 This security update fixes several vulnerabilities in the bundled JSON:API, Media, and QuickEdit modules. Among these versions, 9.2 is the active and recommended branch for new projects, however, all four branches are covered by Drupal security coverage.Īll Drupal 8.x versions prior to Drupal 8.9.x and Drupal 9.x versions prior to Drupal 9.1.x are not covered by Drupal security coverage, and no longer receive security updates, and may be vulnerable.ĭrupal 7.x versions are not affected by this security update. Drupal core maintainers have released three new Drupal core releases in Drupal 8.9.x, 9.1.x, and 9.2.x series that fix several security vulnerabilities.ĭrupal, the popular open-source content management system software written in PHP, has four version branches that receive security updates: 7.x, 8.9.x, 9.1, and 9.2.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |