- Plesk for Linux
- Plesk for Windows
Drupal Vulnerability CVE-2019-6340(PSA-2019-02-19) was announced.
- Drupal 8 is affected if RESTful Web Services (rest) module enabled and PATCH or POST requests are allowed
A site has another web services module enabled, like JSON:API
The risk is currently rated as highly critical.
Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
Call to Action
- The Drupal 8.6.10 package has been updated in the APS catalog.
- As for other Drupal versions check the vendor recommendations here.