Drupal Core Addresses Moderately Critical Denial of Service Vulnerability in Comment Module
Drupal core has released a security advisory (SA-CORE-2024-001) addressing a moderately critical denial of service (DOS) vulnerability in the Comment module. Attackers could exploit the flaw to trigger DOS through comment reply requests. Sites not using the Comment module are unaffected. Users are urged to update to the latest versions—Drupal 10.2.2 for Drupal 10.2 and Drupal 10.1.8 for Drupal 10.1. All versions of Drupal 10 before 10.1 are end-of-life. Drupal 7 remains unaffected. The issue was reported by Alexander Antonenko and Doug Green, with fixes provided by the Drupal Security Team.
Source Reference
Disclosure: This content is produced with the assistance of AI.
Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please let us know in the comments below and we will try to address the issue as best we can.
Related People
Comments
You may also like
Featured
Latest News
Upcoming Events
Latest Opportunities
Call for Support
