Multiple vulnerabilities patched in October 17th Drupal Core update

It’s been a while since the last Drupal Core update was released (back in April) but it’s now time, once again, to install a Drupal Core update to keep your Drupal websites secure.

The following issues with Drupal Core have been patched, and are included in yesterday’s update:

  • In some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass.
  • In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url.
  • When sending email some variables were not being sanitised for shell arguments, which could lead to remote code execution.
  • The Contextual Links module doesn’t sufficiently validate the requested contextual links.

View more details on the Drupal website at

Ref: SA-CORE-2018-006