Symfony Flaw Leaves Drupal Sites Vulnerable to Hackers—Patch Now

2018-08-03 11:18

It's time to update your Drupal websites. Drupal, the popular open-source content management system, has released a new version of its software to patch a security bypass vulnerability that could allow a remote attacker to take control of the affected websites. The vulnerability, tracked as CVE-2018-14773, resides in a component of a third-party library, called Symfony HttpFoundation

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/ew7KG_AKvlA/symfony-drupal-hack.html

#drupal #hacker #patch #CVE-2018-14773

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2018-08-03	CVE-2018-14773	An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. network low complexity sensiolabs debian drupal	6.5

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Drupal		15	0	66	45	14	125
Symfony		2	1	1	3	2	7