Update 26th April
“It is a remote code execution vulnerability,” explained a member of the Drupal security team in an email to The Register. “No more technical details beyond that are available.”
The vulnerability affects at least Drupal 7.x and Drupal 8.x.
Customers are advised to update as soon as possible.
Easyspace has been made aware that anyone running a website built with Drupal should install critical security patches.
Drupal has also produced patches for older versions of its latest software – 8.3 and 8.4 as well as the most current 8.5 version – so that websites can be patched as soon as possible without requiring an overall update. A 7.x patch is also available.
We will update customers if any additional action needs to be taken.