lundi 1 juin 2020    || Inscription

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

vendredi 22 février 2019

Critical Flaw in Drupal Allows Remote Code Execution (CERT-EU Security Advisory 2019-005)

An important security update was released by Drupal, which patches a remote code execution vulnerability (number CVE-2019-6340). The vulnerability was caused by the data passed into the RESTful Web service without strict verification. Successful exploitation of the vulnerability can result in remote code execution on the target host. RESTful services are not turned on by default, greatly reducing the risk of exploitation. For security reasons, users of Drupal are advised to upgrade in a timely manner.

Lien vers l'article source

Auteur: Cert EU

Catégories: CertEUNombre de vues: 422


Événements SSI