There is an important security update for the content management system Drupal.
Websites built with the CMS Drupal are vulnerable. After successful attacks, attackers could, among other things, access data that was actually isolated. In addition, the developers have closed a vulnerability in the S3 File System module.
The most dangerous is considered a vulnerability (CVE-2022-39261 “high’) in the Twig library, which the CMS uses to check templates, for example. There is now a patch for this, which in Drupal 9.3.22 and 9.4.7 has found its way. Support for older versions has ended and these releases will no longer receive security updates. If attacks are successful, attackers could access database access data, among other things.
About a vulnerability in the S3 file system module unauthorized access is conceivable. Here creates the Version 7.x-2.14 Remedy.
