<div dir="ltr">View online: <a href="https://www.drupal.org/sa-core-2024-002" rel="noreferrer" target="_blank">https://www.drupal.org/sa-core-2024-002</a><br>
<br>
Project: Drupal core [1]<br>
Date: 2024-October-16<br>
Security risk: *Moderately critical* 13 ∕ 25<br>
AC:Basic/A:None/CI:None/II:All/E:Theoretical/TD:Uncommon [2]<br>
Vulnerability: Improper error handling<br>
<br>
Affected versions: >=10.0 < 10.2.10<br>
Description: <br>
Under certain uncommon site configurations, a bug in the CKEditor 5 module<br>
can cause some image uploads to move the entire webroot to a different<br>
location on the file system. This could be exploited by a malicious user to<br>
take down a site.<br>
<br>
The issue is mitigated by the fact that several non-default site<br>
configurations must exist simultaneously for this to occur.<br>
<br>
Solution: <br>
Install the latest version:<br>
<br>
   * If you are using Drupal 10.2, update to Drupal 10.2.10 [3].<br>
   * Drupal 10.3 and above are not affected, nor is Drupal 7.<br>
<br>
All versions of Drupal 10 prior to 10.2 are end-of-life and do not receive<br>
security coverage. (Drupal 8 [4] and Drupal 9 [5] have both reached<br>
end-of-life.)<br>
<br>
This advisory is not covered by Drupal Steward [6].<br>
<br>
Reported By: <br>
   * Pierre Rudloff [7]<br>
<br>
Fixed By: <br>
   * catch [8] of the Drupal Security Team<br>
   * Lee Rowlands [9] of the Drupal Security Team<br>
   * Benji Fisher [10] of the Drupal Security Team<br>
   * Kim Pepper [11]<br>
   * Wim Leers [12]<br>
   * xjm [13] of the Drupal Security Team<br>
<br>
Coordinated By: <br>
   * xjm [14] of the Drupal Security Team<br>
   * Dave Long [15] of the Drupal Security Team<br>
   * Juraj Nemec [16] of the Drupal Security Team<br>
<br>
<br>
[1] <a href="https://www.drupal.org/project/drupal" rel="noreferrer" target="_blank">https://www.drupal.org/project/drupal</a><br>
[2] <a href="https://www.drupal.org/security-team/risk-levels" rel="noreferrer" target="_blank">https://www.drupal.org/security-team/risk-levels</a><br>
[3] <a href="https://www.drupal.org/project/drupal/releases/10.2.10" rel="noreferrer" target="_blank">https://www.drupal.org/project/drupal/releases/10.2.10</a><br>
[4] <a href="https://www.drupal.org/psa-2021-06-29" rel="noreferrer" target="_blank">https://www.drupal.org/psa-2021-06-29</a><br>
[5] <a href="https://www.drupal.org/psa-2023-11-01" rel="noreferrer" target="_blank">https://www.drupal.org/psa-2023-11-01</a><br>
[6] <a href="https://www.drupal.org/steward" rel="noreferrer" target="_blank">https://www.drupal.org/steward</a><br>
[7] <a href="https://www.drupal.org/user/3611858" rel="noreferrer" target="_blank">https://www.drupal.org/user/3611858</a><br>
[8] <a href="https://www.drupal.org/user/35733" rel="noreferrer" target="_blank">https://www.drupal.org/user/35733</a><br>
[9] <a href="https://www.drupal.org/user/395439" rel="noreferrer" target="_blank">https://www.drupal.org/user/395439</a><br>
[10] <a href="https://www.drupal.org/user/683300" rel="noreferrer" target="_blank">https://www.drupal.org/user/683300</a><br>
[11] <a href="https://www.drupal.org/user/370574" rel="noreferrer" target="_blank">https://www.drupal.org/user/370574</a><br>
[12] <a href="https://www.drupal.org/user/99777" rel="noreferrer" target="_blank">https://www.drupal.org/user/99777</a><br>
[13] <a href="https://www.drupal.org/user/65776" rel="noreferrer" target="_blank">https://www.drupal.org/user/65776</a><br>
[14] <a href="https://www.drupal.org/user/65776" rel="noreferrer" target="_blank">https://www.drupal.org/user/65776</a><br>
[15] <a href="https://www.drupal.org/u/longwave" rel="noreferrer" target="_blank">https://www.drupal.org/u/longwave</a><br>
[16] <a href="https://www.drupal.org/u/poker10" rel="noreferrer" target="_blank">https://www.drupal.org/u/poker10</a><br>
<br>
_______________________________________________<br>
Security-news mailing list<br>
<a href="mailto:Security-news@drupal.org" target="_blank">Security-news@drupal.org</a><br>
Unsubscribe at <a href="https://lists.drupal.org/mailman/listinfo/security-news" rel="noreferrer" target="_blank">https://lists.drupal.org/mailman/listinfo/security-news</a><div class="gmail-yj6qo"></div><div class="gmail-adL"><br>
</div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>===</div><div>Computer Security Incident Response Team - CSIRT</div><div>Universidade Estadual de Campinas - Unicamp</div><div>Centro de Computacao - CCUEC</div><div>GnuPG Public Key: <a href="http://www.security.unicamp.br/security.asc" target="_blank">http://www.security.unicamp.br/security.asc</a> [^]</div><div>Contato: +55 19 3521-2289 ou INOC-DBA: 1251*830</div></div></div></div></div>