Project:
Version:
8.8.x-dev
8.7.x-dev
Date:
2019-December-18
Vulnerability:
Denial of Service
Description:
A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt.
Solution:
Install the latest version:
- If you are using Drupal 8.7.x, upgrade to Drupal 8.7.11.
- If you are using Drupal 8.8.x, upgrade to Drupal 8.8.1.
Versions of Drupal 8 prior to 8.7.x are end-of-life and do not receive security coverage.
To mitigate this issue in any version of Drupal 8, you can also block access to install.php if it's not required.
Additional information
All advisories released today:
Updating to the latest Drupal core release will apply the fixes for all the above advisories.
Reported By:
- Drew Webber of the Drupal Security Team
Fixed By:
- Drew Webber of the Drupal Security Team
- Lee Rowlands of the Drupal Security Team
- Heine of the Drupal Security Team
- Alex Pott of the Drupal Security Team
- Jess of the Drupal Security Team
- Damien McKenna of the Drupal Security Team
- David Snopek of the Drupal Security Team
- Nathaniel Catchpole of the Drupal Security Team
- Greg Knaddison of the Drupal Security Team