[Vulnerability Alert] Vulnerability of Remote Code Execution of Drupa Kernel (CVE-2019-6340)

2019-02-21 14:40:13
Dear user

JD Cloud Security Team has detected disclosed high risk vulnerability of remote code execution of Drupal in recent time. Attackers may use the vulnerability to execute any PHP codes to get server permissions.

JD Cloud Security Team suggests you to timely carry out self-inspection. If you are in the affected scope, please timely update and fix to avoid intrusion by external attackers.

[Vulnerability Details]

If one of the following conditions is met, the website is only affected by this:

1. Drupal 8-core RESTful Web service (rest) module is enabled and PATCH or POST request are allowed,

2. Another Web service module is enabled, such as JSON in Drupal 8: API, or Services or RESTful Web Services in Drupal 7.

[Vulnerability Level]

SA-CORE-2019-003 Severe

[Security Version]

Drupal 8.6.10 or above

Drupal 8.5.11 or above

[Fix Recommendation]

Upgrade Drupal core codes to security version

Reference Link:

https://www.drupal.org/sa-core-2019-003


JD Cloud team

2019-02-21 14:40:13