Number: AV17-033
Date: 16 March 2017
Purpose
The purpose of this advisory is to bring attention to a Drupal security release.
Assessment
Drupal has released updates to address multiple security vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to perform arbitrary remote code execution.
Affected Versions:
Drupal core 8.x versions prior to 8.2.7
CVE References:
CVE-2017-6377, CVE-2017-6379, CVE-2017-6381
Suggested action
CCIRC recommends that owner/operators test and deploy the vendor released update or workaround to affected platforms accordingly.