Synology-SA-19:19 Drupal

Publish Time: 2019-04-18 18:15:18 UTC+8

Last Updated: 2019-04-18 18:15:18 UTC+8

Severity: Important

Status: Ongoing

Abstract

Multiple vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML, execute arbitrary code or bypass security constraints via a susceptible version of Drupal and Drupal8.

Affected Products

Product	Severity	Fixed Release Availability
Drupal	Moderate	Ongoing
Drupal8	Important	Ongoing

Mitigation

None

Detail

Reserved

Reference

SA-CORE-2019-005
SA-CORE-2019-006
CVE-2019-10909
CVE-2019-10910
CVE-2019-10911

Revision

Revision	Date	Description
1	2019-04-18	Initial public release.

Synology-SA-19:19 Drupal

Company

Sales

Compatibility

Support

Resources