The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS).
Sites that do not use the Comment module are not affected.
Install the latest version:
If you are using Drupal 10.2, update to Drupal 10.2.2.
If you are using Drupal 10.1, update to Drupal 10.1.8.
All versions of Drupal 10 prior to 10.1 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)
Drupal 7 is not affected.
Benji Fisher of the Drupal Security Team
Juraj Nemec of the Drupal Security Team
xjm of the Drupal Security Team
Lauri Eskola, provisional member of the Drupal Security Team
More Stories
USN-7015-1: Python vulnerabilities
It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could...
USN-7014-1: nginx vulnerability
It was discovered that the nginx ngx_http_mp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directive...
USN-7013-1: Dovecot vulnerabilities
It was discovered that Dovecot incorrectly handled a large number of address headers. A remote attacker could possibly use this...
USN-7012-1: curl vulnerability
Hiroki Kurosawa discovered that curl incorrectly handled certain OCSP responses. This could result in bad certificates not being checked properly,...
USN-7011-1: ClamAV vulnerabilities
It was discovered that ClamAV incorrectly handled certain PDF files. A remote attacker could possibly use this issue to cause...
USN-6560-3: OpenSSH vulnerability
USN-6560-2 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: It...