Multiple security advisories are issued for Drupal 7, 8, 9 core and contributed modules: SA-CORE-2020-012, SA-CONTRIB-2020-035, SA-CONTRIB-2020-036, SA-CONTRIB-2020-037, SA-CONTRIB-2020-038
Media: oEmbed - Critical - Remote Code Execution - SA-CONTRIB-2020-036
Project: Media: oEmbed
Date: 2020-November-18
Security risk: Critical 17∕25
Vulnerability: Remote Code Execution
Description
Media oEmbed does not properly sanitize certain filenames as described in SA-CORE-2020-012.
Solution
Install the latest version:
Upgrade to Media oEmbed 7.x-2.8