Drupal Core Addresses Moderately Critical Denial of Service Vulnerability in Comment Module
Drupal core has released a security advisory (SA-CORE-2024-001) addressing a moderately critical denial of service (DOS) vulnerability in the Comment module. Attackers could exploit the flaw to trigger DOS through comment reply requests. Sites not using the Comment module are unaffected. Users are urged to update to the latest versions—Drupal 10.2.2 for Drupal 10.2 and Drupal 10.1.8 for Drupal 10.1. All versions of Drupal 10 before 10.1 are end-of-life. Drupal 7 remains unaffected. The issue was reported by Alexander Antonenko and Doug Green, with fixes provided by the Drupal Security Team.
Reference: Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001 (17 January 2024)
ASK: Drupal Community Needs Your Support
View all →
Disclosure: This content is produced with the assistance of AI.
Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please reach out to us at #thedroptimes channel on Drupal Slack and we will try to address the issue as best we can.
Related People
You may also like
