Project: 
Date: 
2024-January-17
Vulnerability: 
Denial of Service
Affected versions: 
>=8.0 <10.1.8 || >=10.2 <10.2.2
Description: 

The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DoS).

Sites that do not use the Comment module are not affected.

Solution: 

Install the latest version:

If you are using Drupal 10.2, update to Drupal 10.2.2.
If you are using Drupal 10.1, update to Drupal 10.1.8.

All versions of Drupal 10 prior to 10.1 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Drupal 7 is not affected.
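
A triage check that applies the affected range and fixed releases listed above to a site inventory, as an added example that is not part of the original advisory. The site names, sample versions, status labels and the `triage` helper are constructed for illustration, and pre-release version strings are rejected for manual review.

```python
import re

# Affected range from the advisory: >=8.0 <10.1.8 || >=10.2 <10.2.2
AFFECTED = [((8, 0, 0), (10, 1, 8)), ((10, 2, 0), (10, 2, 2))]
# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(10, 1): "10.1.8", (10, 2): "10.2.2"}


def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z' into a 3-tuple; reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised core version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def triage(version, comment_enabled):
    """Return (status, action) for one site (hypothetical helper)."""
    v = parse_version(version)
    if not any(lo <= v < hi for lo, hi in AFFECTED):
        return ("not-affected", "none")
    target = FIXED.get(v[:2])
    # Branches in the affected range without a fixed release are end-of-life.
    action = f"update to {target}" if target else "move to a supported branch"
    # The advisory states that sites not using the Comment module are not
    # affected; the version is still flagged so the update can be scheduled.
    status = "affected" if comment_enabled else "comment-module-off"
    return (status, action)


# Constructed inventory: (site name, core version, Comment module enabled)
SITES = [
    ("shop", "10.1.7", True),
    ("intranet", "10.2.1", False),
    ("legacy", "9.5.11", True),
    ("blog", "10.2.2", True),
    ("archive", "7.98", True),
]


def report(sites):
    return {name: triage(ver, enabled) for name, ver, enabled in sites}


if __name__ == "__main__":
    for name, (status, action) in report(SITES).items():
        print(f"{name:10} {status:20} {action}")
```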

Fixed By: 
Lee Rowlands of the Drupal Security Team
Benji Fisher of the Drupal Security Team
Juraj Nemec of the Drupal Security Team
xjm of the Drupal Security Team
Lauri Eskola, provisional member of the Drupal Security Team
