Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure.
The vulnerability, now tracked as said. “This can lead to information disclosure, and in some cases, privilege escalation, remote code execution, or other attacks.”
Drupal noted that the security flaw can be exploited by anonymous users, and impacts only sites that use PostgreSQL. The following versions address the issue –
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
- Drupal 11.3.10
- Drupal 11.2.12
- Drupal 11.1.10
- Drupal 10.6.9
- Drupal 10.5.10
- Drupal 10.4.10
Drupal 7 isn’t affected. The releases for supported branches (versions 11.3, 11.2, 10.6, and 10.5) include upstream security updates for Symfony and Twig, making it essential that the latest versions are installed.
As previously disclosed by Drupal, manual patches have also been released for Drupal versions 9 and 8, which have reached end-of-life –
- Drupal 9.5
- Drupal 8.9
“Drupal 11.1.x, Drupal 11.0.x, Drupal 10.4.x, and below are end-of-life and do not receive security coverage,” Drupal said. “Drupal 8 and Drupal 9 have both reached end-of-life.”
“Due to this issue’s severity, the unsupported releases and patches for unsupported versions are provided as a best effort. Those unsupported versions will still have other, previously disclosed security vulnerabilities.”
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development