Media - Critical - Remote Code Execution - SA-CONTRIB-2018-020

Project: Media
Version: 7.x-2.18
Date: 2018-April-25
Security risk: *Critical* 18∕25
Vulnerability: Remote Code Execution

Description

The Media module provides an extensible framework for managing files and multimedia assets, regardless of whether they are hosted on your own site or a third party site.

The module contained a vulnerability similar to SA-CORE-2018-004, leading to a possible remote code execution (RCE) attack.

Solution

 
Install the latest version:

* If you use the Media module for Drupal 7.x-2.x, upgrade to Media 7.x-2.19

Add new comment