Number: AV17-086
Date: 22 June 2017
Purpose
The purpose of this advisory is to bring attention to Drupal security updates.
Assessment
Drupal has released updates to address multiple security vulnerabilities. An attacker can exploit those vulnerabilities to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.
Affected Versions:
- Drupal core 7.x versions prior to 7.56
- Drupal core 8.x versions prior to 8.3.4
CVE Reference: CVE-2017-6920, CVE-2017-6921, CVE-2017-6922
Suggested Action
CCIRC recommends that owners/operators test and deploy the vendor released update or workaround to affected platforms accordingly.
References: