[3.7] drupal7: Remote Code Execution (CVE-2018-7602) (#8842) · Issues · alpine / aports

[3.7] drupal7: Remote Code Execution (CVE-2018-7602)

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers
to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related
to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and
this vulnerability are being exploited in the wild.

Fixed In Version:

Drupal 7.59

Reference:

https://www.drupal.org/sa-core-2018-004

Patch:

https://cgit.drupalcode.org/drupal/rawdiff/?h=7.x&id=080daa38f265ea28444c540832509a48861587d0

(from redmine: issue id 8842, created on 2018-04-26, closed on 2018-06-12)

Relations:
- copied_to #8840 (closed)
- parent #8840 (closed)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information