Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Vulnerabilities in Drupal 8.9, 9.1, and 9.2
Alerts

Vulnerabilities in Drupal 8.9, 9.1, and 9.2

19 November 2021

Drupal, a Content Management Software (CMS) used to manage content and host websites, has released security updates to address two vulnerabilities (CVE-2021-41164 and CVE-2021-41165). The vulnerabilities can be exploited if the CMS is configured to allow the use of the CKEditor library. 

Successful exploitation of the vulnerabilities could allow an attacker to execute code and take control of an affected system.

Users and System Administrators are advised to patch the following versions on affected servers immediately:
•            If you are using Drupal 9.2, update to Drupal 9.2.9.
•            If you are using Drupal 9.1, update to Drupal 9.1.14.
•            If you are using Drupal 8.9, update to Drupal 8.9.20.

More information is available here:
https://www.drupal.org/sa-core-2021-011


Back to top