Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004
Project: Drupal core Date: 2020-June-17 Security risk: Critical 15∕25 Vulnerability: Cross Site Request Forgery CVE IDs: CVE-2020-13663
The Drupal core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
If you are using Drupal 7.x, upgrade to Drupal 7.72.
If you are using Drupal 8.8.x, upgrade to Drupal 8.8.8.
If you are using Drupal 8.9.x, upgrade to Drupal 8.9.1.
If you are using Drupal 9.0.x, upgrade to Drupal 9.0.1.
Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive security coverage. Sites on 8.7.x or earlier should update to 8.8.8.
All the websites hosted on AltaGrade which opted to automatic core updates have already been updated.