Drupal has published a security advisory to address vulnerabilities affecting the following products on the 18th of January 2023. It is recommended that you take the necessary precautions to ensure your products are always protected.
Drupal 10.0.2.
Drupal 9.5.2.
Drupal 9.4.10.
Entity Browser 8.x-2.9.
Media Library Block 1.0.4.
Media Library Form API Element module version 2.0.6
For more information on these updates, you can follow these URLs:
https://www.drupal.org/sa-core-2023-001
https://www.drupal.org/sa-contrib-2023-002
https://www.drupal.org/sa-contrib-2023-003
https://www.drupal.org/sa-contrib-2023-004
The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.
PDF Download: Drupal Security Advisory.pdf
References
Drupal Security Advisory (20th of January 2023). Retrieved from US-CERT
https://www.cisa.gov/uscert/ncas/current-activity/2023/01/20/drupal-releases-security-advisories-address-multiple
Drupal Security Advisory (18th of January 2023). Retrieved from Drupal
https://www.drupal.org/security