Skip to main content

Special Announcement

  • 25 Jun 2024

    Announcement for Change of Chinese Name

    Please note that the Chinese name of HKCERT is changed from 「香港電腦保安事故協調中心」 to 「香港網絡安全事故協調中心」 with immediate effect.

    The English name, abbreviation, web address and email address remained unchanged.

Drupal Multiple Vulnerabilities

Release Date: 16 Sep 2021 4565 Views

RISK: Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

Multiple vulnerabilities were identified in Drupal, a remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, cross-site scripting and security restriction bypass on the targeted system.


  • Security Restriction Bypass
  • Information Disclosure
  • Cross-Site Scripting

System / Technologies affected

  • Drupal 9.2
  • Drupal 9.1
  • Drupal 8.9


Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

  • for Drupal 9.2, update to Drupal 9.2.6
  • for Drupal 9.1, update to Drupal 9.1.13
  • for Drupal 8.9, update to Drupal 8.9.19


Versions of Drupal 8 prior to 8.9.x and versions of Drupal 9 prior to 9.1.x are end-of-life and do not receive security coverage. 

Vulnerability Identifier


Related Link