Drupal core’s form API has a vulnerability where certain contributed or custom modules’ forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
This advisory is not covered by Drupal Steward.
Install the latest version:
If you are using Drupal 9.3, update to Drupal 9.3.6.
If you are using Drupal 9.2, update to Drupal 9.2.13.
If you are using Drupal 7, update to Drupal 7.88.
All versions of Drupal 9 prior to 9.2.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.
Lee Rowlands of the Drupal Security Team
Ben Dougherty of the Drupal Security Team
Drew Webber of the Drupal Security Team
Jen Lampton
Nate Lampton
Fabian Franz
Alex Bronstein of the Drupal Security Team
More Stories
python-reportlab-4.2.0-1.fc39
FEDORA-2024-6ec4e78241 Packages in this update: python-reportlab-4.2.0-1.fc39 Update description: Release 4.2.0 Read More
python-reportlab-4.2.0-1.fc40
FEDORA-2024-dc844d0669 Packages in this update: python-reportlab-4.2.0-1.fc40 Update description: Release 4.2.0 Read More
USN-6743-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...
USN-6742-1: Linux kernel vulnerabilities
Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an unauthenticated...
BACKDOOR.WIN32.DUMADOR.C / Remote Stack Buffer Overflow (SEH)
Posted by malvuln on Apr 19 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/6cc630843cabf23621375830df474bc5.txt Contact:...
SEC Consult SA-20240418-0 :: Broken authorization in Dreamehome app
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 19 SEC Consult Vulnerability Lab Security Advisory < 20240418-0 >...