Go to computer terminal for registration
JD Cloud Security Team has detected disclosed high risk vulnerability of remote code execution of Drupal in recent time. Attackers may use the vulnerability to execute any PHP codes to get server permissions.
JD Cloud Security Team suggests you to timely carry out self-inspection. If you are in the affected scope, please timely update and fix to avoid intrusion by external attackers.
If one of the following conditions is met, the website is only affected by this:
1. Drupal 8-core RESTful Web service (rest) module is enabled and PATCH or POST request are allowed,
2. Another Web service module is enabled, such as JSON in Drupal 8: API, or Services or RESTful Web Services in Drupal 7.
Drupal 8.6.10 or above
Drupal 8.5.11 or above
Upgrade Drupal core codes to security version
JD Cloud team2019-02-21 14:40:13