Third-party library bug allows attackers to take full control of affected Drupal websites

in drupal •  6 years ago 

Critical vulnerabilities were tracked in one of the third-party libraries used by Drupal, which attackers could exploit to take complete control of an affected Drupal site. An attacker can use this bug to hack a Drupal website by sending a specially crafted “X-Original-URL” or “X-Rewrite-URL” HTTP header.


Drupal’s maintainers fixed the security bypass vulnerability by releasing version 8.5.6 of the popular content management system.


CVE-2018-14773

Affected versions


    Symfony 2.7.0 to 2.7.48, 2.8.0 to 2.8.43, 3.3.0 to 3.3.17, 3.4.0 to 3.4.13, 4.0.0 to 4.0.13 and 4.1.0 to 4.1.2

    Drupal 8.x versions before 8.5.6


Unaffected versions


    Symfony 2.7.49, 2.8.44, 3.3.18, 3.4.14, 4.0.14 and 4.1.3

    Drupal 8.5.6


Solution

Upgrade to an unaffected version.
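
To check an installation against the version ranges listed above, here is an added example (not part of the original post, and not Drupal or Symfony code) that reads a composer.lock and flags affected versions. The package names `symfony/http-foundation` and `drupal/core` and the sample lock contents are assumptions made for illustration.

```python
import json
import re

# Affected Symfony ranges from the advisory above: (first, last), inclusive.
SYMFONY_AFFECTED = [
    ((2, 7, 0), (2, 7, 48)), ((2, 8, 0), (2, 8, 43)),
    ((3, 3, 0), (3, 3, 17)), ((3, 4, 0), (3, 4, 13)),
    ((4, 0, 0), (4, 0, 13)), ((4, 1, 0), (4, 1, 2)),
]
DRUPAL_FIXED = (8, 5, 6)  # Drupal 8.x versions before 8.5.6 are affected

def parse_version(text):
    """Turn 'v3.4.11' or '8.5.6' into (3, 4, 11); None for dev/pre-release strings."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def symfony_affected(version):
    """True if inside a listed range, False if not listed, None if unparseable."""
    v = parse_version(version)
    if v is None:
        return None
    return any(lo <= v <= hi for lo, hi in SYMFONY_AFFECTED)

def drupal_affected(version):
    """True for Drupal 8.x below 8.5.6, None if the version cannot be parsed."""
    v = parse_version(version)
    if v is None:
        return None
    return v[0] == 8 and v < DRUPAL_FIXED

def audit_lock(lock_text):
    """Return {package: (version, affected)} for the watched packages in a composer.lock."""
    # Package names are assumptions; the advisory itself only says "Symfony" and "Drupal".
    checks = {"symfony/http-foundation": symfony_affected, "drupal/core": drupal_affected}
    findings = {}
    for pkg in json.loads(lock_text).get("packages", []):
        check = checks.get(pkg.get("name"))
        if check:
            findings[pkg["name"]] = (pkg["version"], check(pkg["version"]))
    return findings

# Constructed sample input, not taken from a real site.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "drupal/core", "version": "8.5.5"},
    {"name": "symfony/http-foundation", "version": "v3.4.11"},
    {"name": "symfony/yaml", "version": "v3.4.11"},
]})

if __name__ == "__main__":
    for name, (ver, bad) in audit_lock(SAMPLE_LOCK).items():
        print(name, ver, "AFFECTED" if bad else "ok" if bad is False else "unknown")
```

A result of False only means the version is outside the ranges the advisory lists; unparseable versions are reported as unknown and need a manual check.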
