Boletines de Vulnerabilidades

Drupal core - Critical - Remote code execution - SA-CORE-2020-012


Información sobre el sistema

   
Software afectado Drupal

Descripción

Project: Drupal coreDate: 2020-November-18Security risk: Critical 17∕25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:DefaultVulnerability: Remote code executionCVE IDs: CVE-2020-13671Description: Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations.Solution: Install the latest version:If you are using Drupal

More info:

https://www.drupal.org/sa-core-2020-012

Identificadores estándar

Propiedad Valor
CVE CVE-2020-13671.

Histórico de versiones

Versión Comentario Data
1.0 Advisory issued 2020-11-19
Ministerio de Defensa
CNI
CCN
CCN-CERT