The AltaGrade Blog

Drupal Security team has released multiple critical and moderately critical security advisories for Webform module today. This module enables you to build forms and surveys in Drupal.

Webform - Critical - Remote Code Execution - SA-CONTRIB-2020-011

Project: Webform
Date: 2020-May-06
Security risk: Critical 17∕25 
Vulnerability: Remote Code Execution

Project: JSON:API
Version: 8.x-1.26
Date: 2020-April-15
Security risk: Critical 15∕25 
Vulnerability: Unsupported

Description

This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities.

Free hosting for non-profits

Project: Svg Image
Date: 2020-March-25
Security risk: Critical 15∕25
Vulnerability: Cross site scripting

Description

SVG Image module allows to upload SVG files.

The module did not sufficiently protect against malicious code inside SVG files leading to a Cross Site Scripting vulnerability.

This vulnerability is mitigated by the fact that an attacker must have permission to upload an SVG file.

Solution

Install the latest version: