Day: 20 diciembre, 2019

Publicado el

Drupal core – Moderately critical – Denial of Service – SA-CORE-2019-009

Project: Drupal coreVersion: 8.8.x-dev8.7.x-devDate: 2019-December-18Security risk: Moderately critical 12∕25 AC:None/A:None/CI:None/II:None/E:Theoretical/TD:AllVulnerability: Denial of ServiceDescription: A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt.Solution: Install the latest version:If you are using Drupal 8.7.x, upgrade to Drupal 8.7.11.If you are using Drupal 8.8.x, upgrade to Drupal 8.8.1.Versions More info: https://www.drupal.org/sa-core-2019-009
Publicado el

Drupal core – Moderately critical – Access bypass – SA-CORE-2019-011

Project: Drupal coreVersion: 8.8.x-dev8.7.x-devDate: 2019-December-18Security risk: Moderately critical 10∕25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Access bypassDescription: The Media Library module has a security vulnerability whereby it doesnt sufficiently restrict access to media items in certain configurations.Solution: If you are using Drupal 8.7.x, you should upgrade to Drupal 8.7.11.If you are using Drupal 8.8.x, you should upgrade to Drupal More info: https://www.drupal.org/sa-core-2019-011
Publicado el

Drupal core – Moderately critical – Multiple vulnerabilities – SA-CORE-2019-010

Project: Drupal coreVersion: 8.8.x-dev8.7.x-devDate: 2019-December-18Security risk: Moderately critical 14∕25 AC:Basic/A:Admin/CI:Some/II:All/E:Theoretical/TD:DefaultVulnerability: Multiple vulnerabilitiesDescription: Drupal 8 cores file_save_upload() function does not strip the leading and trailing dot (.) from filenames, like Drupal 7 did.Users with the ability to upload files with any extension in conjunction with contributed modules may be able to use this to upload system files such More info: https://www.drupal.org/sa-core-2019-010
Publicado el

Drupal core – Critical – Multiple vulnerabilities – SA-CORE-2019-012

Project: Drupal coreVersion: 8.8.x-dev8.7.x-dev7.x-devDate: 2019-December-18Security risk: Critical 17∕25 AC:Basic/A:User/CI:All/II:All/E:Proof/TD:UncommonVulnerability: Multiple vulnerabilitiesDescription: The Drupal project uses the third-party library Archive_Tar, which has released a security update that impacts some Drupal configurations.Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them.The latest More info: https://www.drupal.org/sa-core-2019-012
Acceso Administrador
Translate »