Drupal Releases Security Updates

Scheduled updates for Drupal products

Threat ID:: CC-3979
Threat Severity:: Information only
Published:: 19 November 2021 11:14 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled updates for Drupal products

Affected platforms

The following platforms are known to be affected:

Versions: all 8.9.x prior to 8.9.20

Drupal 8

Versions: all 9.1.x prior to 9.1.14, all 9.2.x prior to 9.2.9

Drupal 9

Threat details

Introduction

Drupal has released security updates to address multiple vulnerabilities that could affect versions 8.9, 9.1, and 9.2. An attacker could exploit these vulnerabilities to take control of an affected system.

Remediation advice

Affected organisations are encouraged to review Drupal Security Advisory SA-CORE-2021-011 and apply the necessary updates.

CVE Vulnerabilities

Status Published

CVE-2021-41164

Status Published

CVE-2021-41165

Last edited: 19 November 2021 11:29 am