FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

drupal8 -- multiple vulnerabilities

Affected packages
drupal8 < 8.2.7

Details

VuXML ID 2730c668-0b1c-11e7-8d52-6cf0497db129
Discovery 2017-03-15
Entry 2017-03-17

Drupal Security Team reports:

CVE-2017-6377: Editor module incorrectly checks access to inline private files

CVE-2017-6379: Some admin paths were not protected with a CSRF token

CVE-2017-6381: Remote code execution

[source]

References

CVE Name CVE-2017-6377
CVE Name CVE-2017-6379
CVE Name CVE-2017-6381
URL https://www.drupal.org/SA-2017-001

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.