Multiple Critical Vulnerabilities in Drupal (SA-CORE-2018-001)

February 22, 2018

Summary

Multiple critical vulnerabilities have been discovered in Drupal core. [1]

Impact

Attackers may be able to view restricted content or add content of their own. Additionally, a JavaScript function in Drupal core may allow attackers to perform cross-site scripting attacks. 

Vulnerable

  • Drupal 7.x
  • Drupal 8.4.x

Recommendations

  • Install the Drupal patches outlined in Drupal security advisory SA-CORE-2018-001.
  • If you utilize the Open Berkeley turnkey Drupal web platform, your site will automatically be patched by end of day Feb. 22nd, 2018. [2]

References

[1]  https://www.drupal.org/sa-core-2018-001
[2]  https://open.berkeley.edu/