Security advisories - RSS Feed

Latest articles

Drupal core - Moderately critical - Access Bypass - SA-CORE-2021-010

Project: Drupal core
Date: 2021-September-15
Security risk: Moderately critical 12∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access Bypass
CVE IDs: CVE-2020-13677
Description: Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access...

Drupal core - Moderately critical - Access bypass - SA-CORE-2021-009

Project: Drupal core
Date: 2021-September-15
Security risk: Moderately critical 10∕25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access bypass
CVE IDs: CVE-2020-13676
Description: The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites...

Drupal core - Moderately critical - Access bypass - SA-CORE-2021-008

Project: Drupal core
Date: 2021-September-15
Security risk: Moderately critical 11∕25 AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass
CVE IDs: CVE-2020-13675
Description: Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes...

Drupal core - Moderately critical - Cross Site Request Forgery - SA-CORE-2021-007

Project: Drupal core
Date: 2021-September-15
Security risk: Moderately critical 14∕25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Request Forgery
CVE IDs: CVE-2020-13674
Description: The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances...

Drupal core - Moderately critical - Cross Site Request Forgery - SA-CORE-2021-006

Project: Drupal core
Date: 2021-September-15
Security risk: Moderately critical 10∕25 AC:Basic/A:User/CI:None/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Request Forgery
CVE IDs: CVE-2020-13673
Description: The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could...

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2021-005

Project: Drupal core
Date: 2021-August-12
Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Third-party libraries
Description: The Drupal project uses the CKEditor library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal. Vulnerabilities are possible if Drupal...

Drupal core - Critical - Drupal core - Critical - Third-party libraries - SA-CORE-2021-004

Project: Drupal core
Date: 2021-July-21
Security risk: Critical 15∕25 AC:Complex/A:User/CI:All/II:All/E:Theoretical/TD:Uncommon
Vulnerability: Drupal core - Critical - Third-party libraries
CVE IDs: CVE-2021-32610
Description: The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. The vulnerability...

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2021-003

Project: Drupal core
Date: 2021-May-26
Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Default
Vulnerability: Cross Site Scripting
Description: Drupal core uses the third-party CKEditor library. This library has an error in parsing HTML that could lead to an XSS attack. CKEditor 4.16.1 and later include the fix. Users...

Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002

Project: Drupal core
Date: 2021-April-21
Security risk: Critical 15∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross-site scripting
CVE IDs: CVE-2020-13672
Description: Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. Not all sites and users are affected, but configuration...

Drupal core - Critical - Third-party libraries - SA-CORE-2021-001

Project: Drupal core
Date: 2021-January-20
Security risk: Critical 18∕25 AC:Complex/A:User/CI:All/II:All/E:Exploit/TD:Uncommon
Vulnerability: Third-party libraries
Description: The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. For more information please see: CVE-2020-36193. Exploits may...
