Media - Moderately Critical - Multiple vulnerabilities

* Advisory ID: DRUPAL-SA-CONTRIB-2017-044
* Project: Media (third-party module)
* Version: 7.x
* Date: 2017-May-10
* Security risk: 16/25 ( Critical)
* Vulnerability: Information Disclosure, Arbitrary PHP code execution,
Multiple vulnerabilities

DESCRIPTION

This module provides intuitive ways to manage large libraries of media,
insert or display or import various types of media either through fields or a
wysiwyg interface.

Versions of this module prior to 7.x-2.1 or 7.x-3.0-alpha5 did not
sufficiently whitelist input parameters for the media browser.

This vulnerability in the versions of media prior to those aforementioned is
mitigated by the fact that an attacker must have a role with the permission
upload files and view media browser.

SOLUTION

Install the latest version:

* If you use the media module, it is recommended to upgrade to media
version
7.x-2.1 (stable) or to 7.x-3.0-alpha5 (cutting edge) or newer.

Also see the Media project page: https://www.drupal.org/project/media

Add new comment