CVE-2018-7600
drupal7 - security update
9.8
CRITICAL
CVSS 3.1
⚠ KEV
EPSS 94.5%
Description
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
How to fix CVE-2018-7600
To remediate CVE-2018-7600, upgrade the affected package to a fixed version below.
- upgrade to 7.14-2+deb7u18 or later
- upgrade to 7.32-1+deb8u11 or later
- upgrade to 8.3.9 or later
- upgrade to 7.58 or later
- upgrade to 7.58 or later
Is CVE-2018-7600 being exploited?
Yes — CVE-2018-7600 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (5)
- from 0, < 7.14-2+deb7u18
- from 0, < 7.32-1+deb8u11
- >= 8.0.0, < 8.3.9 | >= 8.4.0, < 8.4.6 | >= 8.5.0, < 8.5.1
- >= 7.0, < 7.58
- >= 7.0, < 7.58
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |