Drupal Releases Critical Security Updates

Drupal has released critical updates addressing a vulnerability in Drupal 8 and 7. A remote attacker could exploit this vulnerability to take control of an affected system.

Threat ID:: CC-2311
Category:
Threat Severity:: Low
Threat Vector:
Published:: 26 April 2018 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

Drupal has released critical updates addressing a vulnerability in Drupal 8 and 7. A remote attacker could exploit this vulnerability to take control of an affected system.

Affected platforms

The following platforms are known to be affected:

Drupal 8

Drupal - versions 8.5.2 / 8.4.7 / 7.58 and earlier

Threat details

Remediation steps

Type	Step
	NCCIC/US-CERT encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates. NCS's Web Check service can identify if the latest version of Drupal 7 is in use or not. We encourage organisations to utilise this free service to check for known vulnerabilities on your websites.

Type

Step

NCCIC/US-CERT encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates.
NCS's Web Check service can identify if the latest version of Drupal 7 is in use or not. We encourage organisations to utilise this free service to check for known vulnerabilities on your websites.

Last edited: 17 February 2020 12:42 pm