Drupal

Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001

2 months 4 weeks ago

Project: Drupal coreDate: 2024-January-17Security risk: Moderately critical 11∕25 AC:None/A:None/CI:None/II:None/E:Theoretical/TD:DefaultVulnerability: Denial of ServiceAffected versions: >=8.0 <10.1.8 || >=10.2 <10.2.2Description:

The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS).

Sites that do not use the Comment module are not affected.

Solution:

Install the latest version:

If you are using Drupal 10.2, update to Drupal 10.2.2.
If you are using Drupal 10.1, update to Drupal 10.1.8.

All versions of Drupal 10 prior to 10.1 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Drupal 7 is not affected.

Reported By:

Fixed By:

Lee Rowlands of the Drupal Security Team
Benji Fisher of the Drupal Security Team
Juraj Nemec of the Drupal Security Team
xjm of the Drupal Security Team
Lauri Eskola, provisional member of the Drupal Security Team

Drupal Security Team

Checked

26 minutes 24 seconds ago

URL

https://www.drupal.org/security/core

Subscribe to Drupal feed

Categrory

Related Organisations

Contact Info

0732150500/7, 0703044000/7

info@kenet.or.ke