Boletines de Vulnerabilidades

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-011


Información sobre el sistema

   
Software afectado Drupal

Descripción

Project: Drupal coreDate: 2022-June-10Security risk: Moderately critical 13∕25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Third-party librariesCVE IDs: CVE-2022-31042CVE-2022-31043Description: Updated 22:00 UTC 2022-06-10: Added steps to update without drupal/core-recommended.Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released two security advisories:Failure to strip the Cookie header

More info:

https://www.drupal.org/sa-core-2022-011

Identificadores estándar

Propiedad Valor
CVE CVE-2022-31042 and CVE-2022-31043.

Histórico de versiones

Versión Comentario Fecha
1.0 Advisory issued 2022-06-12

Miembros de

Ministerio de Defensa
CNI
CCN
CCN-CERT