Security Alert (A21-09-14): Multiple Vulnerabilities in Drupal
17 September 2021
Drupal has released a security advisory to address multiple vulnerabilities in the JSON:API, Media, QuickEdit and REST File upload modules. A remote attacker may upload a maliciously crafted file to a vulnerable system or entice a system administrator into opening a specially crafted web page to exploit the vulnerabilities.
Please note that Drupal 8 prior to version 8.9.x and Drupal 9 prior to version 9.1.x have reached End-Of-Life (EOL). No further security updates will be provided for them. Users should arrange to upgrade Drupal to a supported version or migrate to another supported technology.
Drupal version 8.9.x
Drupal version 9.1.x
Drupal version 9.2.x
Successful exploitation could lead to cross-site scripting, information disclosure or security restriction bypass on an affected system.
The product vendor has released patches to address the issues.