Severity
High
Analysis Summary
A vulnerability exists when Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations.
Impact
Remote Code Execution
Affected Vendors
Drupal
Affected Products
- Drupal 7
- Drupal 8.8 or earlier
- Drupal 8.9
- Drupal 9.0
Remediation
Install the latest version:
- If you are using Drupal 9.0, update to Drupal 9.0.8
- If you are using Drupal 8.9, update to Drupal 8.9.9
- If you are using Drupal 8.8 or earlier, update to Drupal 8.8.11
- If you are using Drupal 7, update to Drupal 7.74
- Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive security coverage.
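The flaw summarized above concerns uploaded filenames being treated as the wrong type. The following defender-side audit is an added example, not part of the advisory or of Drupal's code: it walks an upload directory and flags names in which a script-type extension appears anywhere in the dot-separated name. The extension set and the directory passed on the command line are assumptions to adapt to your hosting configuration.

```python
import os
import sys

# Assumption: extensions a server may hand to an interpreter or serve as
# active content. Match this set to the handlers configured on your host.
RISKY = {"php", "phtml", "phar", "pl", "py", "cgi", "asp", "js", "html", "htm"}


def classify(filename):
    """Return None, "direct" (name ends in a risky extension) or "masked"
    (a risky extension hides before a harmless-looking final one)."""
    segments = [s.strip() for s in filename.lower().split(".")[1:]]
    segments = [s for s in segments if s]  # "a.php." and "a..php" still count
    if not any(s in RISKY for s in segments):
        return None
    return "direct" if segments[-1] in RISKY else "masked"


def audit(root):
    """Walk root and return sorted (relative_path, kind) for flagged files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = classify(name)
            if kind:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel, kind))
    return sorted(findings)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_uploads.py <upload-directory>")
    results = audit(sys.argv[1])
    for rel, kind in results:
        print(f"{kind:6}  {rel}")
    sys.exit(1 if results else 0)  # non-zero exit when anything is flagged
```

Files reported as "masked" are the ones to review first, since their final extension looks harmless while an earlier segment does not.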