Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

Drupal security advisory

Number: AV18-124
Date: 3 August 2018

Purpose

The purpose of this advisory is to bring attention to a Drupal security advisory.

Assessment

Drupal has released a product update addressing security vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. in the Symfony library used in Drupal Core.

Affected Versions:
- Drupal 8.x versions prior to 8.5.6

Reference CVE: CVE-2018-14773

Suggested action

CCIRC recommends that owners/operators test and deploy the vendor released update or workaround to affected platforms accordingly.

References

https://www.drupal.org/SA-CORE-2018-005

Date modified: