Day: 28 abril, 2021

Project: Drupal coreDate: 2021-April-21Security risk: Critical 15∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross-site scriptingCVE IDs: CVE-2020-13672Description: Drupal cores sanitization API fails to properly filter cross-site scripting under certain circumstances.Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this More info: https://www.drupal.org/sa-core-2021-002

Initial Publication Date: 2021/04/26 10:20 AM PDT On April 13th, 2021, AWS became aware of an edge case that affected how some Application Load Balancers (ALB) handled key rotation for TLS/SSL session ticket encryption. This edge case was introduced in September, 2020 and resulted in a small percentage of ALB traffic intermittently using an uninitialized session ticket encryption key. The edge case was triggered primarily during quiet periods of activity. ALBs with a high variation of traffic, More info: https://aws.amazon.com/security/security-bulletins/AWS-2021-002/