Report incident

Security Alerts

Vulnerability Alert - Drupal core

type Vulnerabilities
Systems AffectedDrupal with versions equal or before 8.7, 8.6.15 and 7.66.
System Applications

Description

It was found a vulnerability in Drupal core due to insecure deserialization by the 'PharStreamWrapper' component.

impact

This vulnerability allows an attacker to:
- access arbitrary files and directories stored on file system.

Resolution

Update Drupal to version equal or higher than 8.7.1, 8.6.16, 7.67.

References

https://www.drupal.org/sa-core-2019-007
https://typo3.org/security/advisory/typo3-psa-2019-007/
https://nvd.nist.gov/vuln/detail/CVE-2019-11831