Drupal core’s form API has a vulnerability where certain contributed or custom modules’ forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
This advisory is not covered by Drupal Steward.
Install the latest version:
If you are using Drupal 9.3, update to Drupal 9.3.6.
If you are using Drupal 9.2, update to Drupal 9.2.13.
If you are using Drupal 7, update to Drupal 7.88.
All versions of Drupal 9 prior to 9.2.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.
Lee Rowlands of the Drupal Security Team
Ben Dougherty of the Drupal Security Team
Drew Webber of the Drupal Security Team
Jen Lampton
Nate Lampton
Fabian Franz
Alex Bronstein of the Drupal Security Team
More Stories
chromium-117.0.5938.132-2.fc39
FEDORA-2023-c890266d3f Packages in this update: chromium-117.0.5938.132-2.fc39 Update description: update to 117.0.5938.132. Fixes following security issues: CVE-2023-5129 CVE-2023-5186 Update to 117.0.5938.92....
chromium-117.0.5938.132-2.fc38
FEDORA-2023-d66a01ad4f Packages in this update: chromium-117.0.5938.132-2.fc38 Update description: update to 117.0.5938.132. Fixes following security issues: CVE-2023-5129 CVE-2023-5186 Read More
chromium-117.0.5938.132-1.el7
FEDORA-EPEL-2023-edc9c74369 Packages in this update: chromium-117.0.5938.132-1.el7 Update description: update to 117.0.5938.132. Fixes following security issues: CVE-2023-5129 CVE-2023-5186 Update to 117.0.5938.92....
chromium-117.0.5938.132-1.el8
FEDORA-EPEL-2023-8f3e1b6f78 Packages in this update: chromium-117.0.5938.132-1.el8 Update description: update to 117.0.5938.132. Fixes following security issues: CVE-2023-5129 CVE-2023-5186 Update to 117.0.5938.92....
chromium-117.0.5938.132-1.fc37
FEDORA-2023-0cd03c3746 Packages in this update: chromium-117.0.5938.132-1.fc37 Update description: update to 117.0.5938.132. Fixes following security issues: CVE-2023-5129 CVE-2023-5186 Read More
chromium-117.0.5938.132-1.el9
FEDORA-EPEL-2023-cca1f87440 Packages in this update: chromium-117.0.5938.132-1.el9 Update description: update to 117.0.5938.132. Fixes following security issues: CVE-2023-5129 CVE-2023-5186 Update to 117.0.5938.92....