Third-party library bug allows attackers to take full control of affected Drupal websites
Critical vulnerabilities were tracked in one of the third-party libraries used by Drupal, which attackers could exploit to take complete control of an affected Drupal site. An attacker can use this bug to compromise the Drupal website by sending a specially crafted "X-Original-URL" or "X-Rewrite-URL" HTTP header.
Drupal's maintenance staff fixed the security bypass vulnerability by releasing a new version of the popular content management system, version 8.5.6.
CVE-2018-14773
Affected versions
Symfony 2.7.0 to 2.7.48, 2.8.0 to 2.8.43, 3.3.0 to 3.3.17, 3.4.0 to 3.4.13, 4.0.0 to 4.0.13 and 4.1.0 to 4.1.2
Drupal 8.x versions before 8.5.6
Unaffected versions
Symfony 2.7.49, 2.8.44, 3.3.18, 3.4.14, 4.0.14 and 4.1.3
Drupal 8.5.6
Solution
Upgrade to an unaffected version.
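To confirm whether a given site still needs the upgrade, the version ranges listed above can be checked against the site's composer.lock. The following is an added example, not code from Drupal or Symfony; the Composer package names (`symfony/http-foundation`, `symfony/symfony`, `drupal/core`) are assumptions about where the affected code is installed, and the sample lock file is constructed.

```python
import json
import re

# Affected Symfony ranges exactly as listed above (inclusive bounds).
SYMFONY_AFFECTED = [
    ((2, 7, 0), (2, 7, 48)), ((2, 8, 0), (2, 8, 43)), ((3, 3, 0), (3, 3, 17)),
    ((3, 4, 0), (3, 4, 13)), ((4, 0, 0), (4, 0, 13)), ((4, 1, 0), (4, 1, 2)),
]
DRUPAL_FIXED = (8, 5, 6)
# Assumption: Composer package names that ship the affected code.
SYMFONY_PACKAGES = {"symfony/http-foundation", "symfony/symfony"}
DRUPAL_PACKAGES = {"drupal/core"}


def parse_version(text):
    """'v3.4.12' or '8.5.5' -> (3, 4, 12); None for dev branches and pre-releases."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(name, version):
    """True or False when the version parses, None when it needs manual review."""
    v = parse_version(version)
    if v is None:
        return None
    if name in SYMFONY_PACKAGES:
        return any(lo <= v <= hi for lo, hi in SYMFONY_AFFECTED)
    if name in DRUPAL_PACKAGES:
        return (8, 0, 0) <= v < DRUPAL_FIXED
    return False


def audit_lock(lock_text):
    """Return (name, version, verdict) for each relevant package in a composer.lock."""
    lock = json.loads(lock_text)
    packages = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    relevant = SYMFONY_PACKAGES | DRUPAL_PACKAGES
    return [(p["name"], p["version"], is_affected(p["name"], p["version"]))
            for p in packages if p.get("name") in relevant and "version" in p]


# Constructed sample, not taken from a real site.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "drupal/core", "version": "8.5.5"},
    {"name": "symfony/http-foundation", "version": "v3.4.12"},
    {"name": "symfony/yaml", "version": "v3.4.12"},
], "packages-dev": []})

if __name__ == "__main__":
    for name, version, verdict in audit_lock(SAMPLE_LOCK):
        state = {True: "AFFECTED", False: "ok", None: "review manually"}[verdict]
        print(f"{name} {version}: {state}")
```

Versions that do not parse as plain `x.y.z` (dev branches, release candidates) are reported for manual review rather than guessed.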