Skip to main content

Drupal Denial of Service Vulnerability

Release Date: 19 Jan 2024 2156 Views

RISK: Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A vulnerability was identified in Drupal Core. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system.


  • Denial of Service

System / Technologies affected

  • Drupal version prior to 10.2.2
  • Drupal version prior to 10.1.8

Sites that do not use the Comment module are not affected.


Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

  • for Drupal 10.2, update to Drupal 10.2.2
  • for Drupal 10.1, update to Drupal 10.1.8


All versions of Drupal 10 prior to 10.1 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Drupal 7 is not affected.

Vulnerability Identifier

  • No CVE information is available


Related Link