Security Release – Drupal 8.2.7

The Drupal development team has issued a new release of the content management system (CMS), Drupal version 8.2.7, that fixes multiple vulnerabilities.


Security Issues

The list of vulnerabilities includes the following:

  • An access bypass issue
  • A cross-site request forgery (CSRF) vulnerability
  • A remote code execution flaw

The most severe vulnerability is an access bypass flaw in the editor module, tracked as CVE-2017-6377.

The security advisory from Drupal states:
“When adding a private file via a configured text editor (like CKEditor), the editor will not correctly check access for the file being attached, resulting in an access bypass.”

Another moderately critical vulnerability is a CSRF flaw tracked as CVE-2017-6379, which stems from the lack of CSRF protection for some administrative paths. An attacker who knows the block IDs can exploit the issue to disable some blocks of a website.

The last moderately critical vulnerability is a remote code execution flaw, CVE-2017-6381, which affects a third-party development library and is related to development dependencies.

What should I do?

Download Drupal 8.2.7 and upgrade your installation immediately.

As always, if you have any questions or comments then please let us know below.

Don’t delay, upgrade today!

