FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (4fc2df49-6279-11e7-be0f-6cf0497db129)
High Nessus Plugin ID 101276
Synopsis
The remote FreeBSD host is missing one or more security-related
updates.
Description
Drupal Security Team Reports :
CVE-2017-6920: PECL YAML parser unsafe object handling.
CVE-2017-6921: File REST resource does not properly validate
CVE-2017-6922: Files uploaded by anonymous users into a private file
system can be accessed by other anonymous users.
Solution
Update the affected packages.