Third-party library bug allows attackers to take full control of affected Drupal websites

in #drupal • 6 years ago

Critical vulnerabilities were tracked in one of Drupal's plugins, which attackers could exploit to take complete control of an affected Drupal site. An attacker can use this bug to hack the Drupal website by sending a specially crafted “X-Original-URL” or “X-Rewrite-URL” HTTP header.


Drupal’s maintenance staff fixed the security bypass vulnerability by releasing a new version of the popular content management system, version 8.5.6.


CVE-2018-14773

Affected version


    Symfony 2.7.0 to 2.7.48, 2.8.0 to 2.8.43, 3.3.0 to 3.3.17, 3.4.0 to 3.4.13, 4.0.0 to 4.0.13 and 4.1.0 to 4.1.2

    Drupal 8.x versions before 8.5.6


Unaffected version


    Symfony 2.7.49, 2.8.44, 3.3.18, 3.4.14, 4.0.14 and 4.1.3

    Drupal 8.5.6


Solution

Upgrade to the unaffected version.
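To confirm whether a Composer-managed site still needs the upgrade, the sketch below checks the versions pinned in `composer.lock` against the ranges listed above. It is an added example, not code from Drupal or Symfony. Assumptions: the site is installed with Composer, Drupal appears as `drupal/core`, and the Symfony code appears as `symfony/symfony` or `symfony/http-foundation` (the post only says "Symfony"); the sample lock file is constructed.

```python
import json

# Affected Symfony ranges copied from the list above: (first, last), inclusive.
AFFECTED_SYMFONY = [
    ((2, 7, 0), (2, 7, 48)), ((2, 8, 0), (2, 8, 43)),
    ((3, 3, 0), (3, 3, 17)), ((3, 4, 0), (3, 4, 13)),
    ((4, 0, 0), (4, 0, 13)), ((4, 1, 0), (4, 1, 2)),
]
DRUPAL_FIXED = (8, 5, 6)  # Drupal 8.x before 8.5.6 is affected
# Assumed package names; the post itself only names "Symfony" and "Drupal".
SYMFONY_PACKAGES = {"symfony/symfony", "symfony/http-foundation"}
DRUPAL_PACKAGE = "drupal/core"


def parse_version(text):
    """Turn 'v3.4.11' or '8.5.3' into (3, 4, 11); None if not plain x.y.z."""
    core = text.lstrip("vV").split("-")[0].split("+")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None  # e.g. 'dev-master' cannot be compared to a range
    return tuple(int(p) for p in parts)


def is_affected(name, version):
    """True/False per the ranges above, None if the version is not comparable."""
    v = parse_version(version)
    if v is None:
        return None
    if name == DRUPAL_PACKAGE:
        return v[0] == 8 and v < DRUPAL_FIXED
    if name in SYMFONY_PACKAGES:
        return any(lo <= v <= hi for lo, hi in AFFECTED_SYMFONY)
    return False  # package is not covered by this advisory


def audit_lock(lock_text):
    """Map each relevant package pinned in composer.lock to its verdict."""
    lock = json.loads(lock_text)
    packages = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    wanted = SYMFONY_PACKAGES | {DRUPAL_PACKAGE}
    return {p["name"]: is_affected(p["name"], p["version"])
            for p in packages if p["name"] in wanted}


# Constructed sample lock file, not taken from a real site.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "drupal/core", "version": "8.5.3"},
    {"name": "symfony/http-foundation", "version": "v3.4.11"},
    {"name": "symfony/yaml", "version": "v3.4.11"},
]})
```

A `None` verdict means the pinned version is a branch alias or other non-numeric string and has to be checked by hand.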
