Multiple vulnerabilities patched in October 17th Drupal Core update

It’s been a while since the last Drupal Core update was released (back in April) but it’s now time, once again, to install a Drupal Core update to keep your Drupal websites secure.

The following issues with Drupal Core have been patched, and are included in yesterday’s update:

  • In some conditions, content moderation fails to check a user’s access to use certain transitions, leading to an access bypass.
  • In certain circumstances, the user can enter a particular path that triggers an open redirect to a malicious URL.
  • When sending email, some variables were not being sanitised for shell arguments, which could lead to remote code execution.
  • The Contextual Links module doesn’t sufficiently validate the requested contextual links.

View more details on the Drupal website at https://www.drupal.org/sa-core-2018-006

Ref: SA-CORE-2018-006