Security advisories - RSS Feed

Latest articles

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-011

Project: Drupal core
Date: 2022-June-10
Security risk: Moderately critical 13∕25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Third-party libraries
CVE IDs: CVE-2022-31042, CVE-2022-31043
Description: Updated 22:00 UTC 2022-06-10: Added steps to update without drupal/core-recommended. Drupal uses the third-party Guzzle library...

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-010

Project: Drupal core
Date: 2022-May-25
Security risk: Moderately critical 13∕25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Third-party libraries
CVE IDs: CVE-2022-29248
Description: Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released a security update...

Drupal core - Moderately critical - Access bypass - SA-CORE-2022-009

Project: Drupal core
Date: 2022-April-20
Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass
Description: Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible...

Drupal core - Moderately critical - Improper input validation - SA-CORE-2022-008

Project: Drupal core
Date: 2022-April-20
Security risk: Moderately critical 12∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Improper input validation
Description: Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an...

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-006

Project: Drupal core
Date: 2022-March-21
Security risk: Moderately critical 11∕25 AC:Complex/A:None/CI:None/II:Some/E:Theoretical/TD:Default
Vulnerability: Third-party libraries
CVE IDs: CVE-2022-24775
Description: Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released a security update...

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-005

Project: Drupal core
Date: 2022-March-16
Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Third-party libraries
CVE IDs: CVE-2022-24728, CVE-2022-24729
Description: The Drupal project uses the CKEditor library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal. Vulnerabilities...

Drupal core - Moderately critical - Information disclosure - SA-CORE-2022-004

Project: Drupal core
Date: 2022-February-16
Security risk: Moderately critical 12∕25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Information disclosure
CVE IDs: CVE-2022-25270
Description: The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing"...

Drupal core - Moderately critical - Improper input validation - SA-CORE-2022-003

Project: Drupal core
Date: 2022-February-16
Security risk: Moderately critical 14∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Improper input validation
CVE IDs: CVE-2022-25271
Description: Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation....

Drupal core - Moderately critical - Cross site scripting - SA-CORE-2022-002

Project: Drupal core
Date: 2022-January-19
Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Default
Vulnerability: Cross site scripting
Description: jQuery UI is a third-party library used by Drupal. This library was previously thought to be end-of-life. Late in 2021, jQuery UI announced that they would be continuing...

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2022-001

Project: Drupal core
Date: 2022-January-19
Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Default
Vulnerability: Cross Site Scripting
Description: jQuery UI is a third-party library used by Drupal. This library was previously thought to be end-of-life. Late in 2021, jQuery UI announced that they would be continuing...
