Read Time:59 Second
Project: 
Drupal core
Date: 
2024-January-17
Security risk: 
Moderately critical 11∕25 AC:None/A:None/CI:None/II:None/E:Theoretical/TD:Default
Vulnerability: 
Denial of Service
Affected versions: 
>=8.0 <10.1.8 || >=10.2 <10.2.2
Description: 

The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS).

Sites that do not use the Comment module are not affected.

Solution: 

Install the latest version:

If you are using Drupal 10.2, update to Drupal 10.2.2.
If you are using Drupal 10.1, update to Drupal 10.1.8.

All versions of Drupal 10 prior to 10.1 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Drupal 7 is not affected.

Reported By: 
Alexander Antonenko
Doug Green
Fixed By: 
Lee Rowlands of the Drupal Security Team
Benji Fisher of the Drupal Security Team
Juraj Nemec of the Drupal Security Team
xjm of the Drupal Security Team
Lauri Eskola, provisional member of the Drupal Security Team

Read More

More Stories