"Drupal Patches 'High-Risk' Third-Party Library Flaws"

The Drupal security team has recently released an advisory to call attention to serious vulnerabilities in a third-party library and warned that hackers can exploit the bugs to hijack Drupal-powered websites remotely.  The security team stated that the vulnerabilities, tracked as CVE-2022-31042 and CVE-2022-31043, were found and fixed in Guzzle, a third-party library that Drupal uses to handle HTTP requests and responses to external services.  The security team noted that the vulnerabilities do not affect Drupal core but may affect some contributed projects or custom code on Drupal sites.  Guzzle has rated these vulnerabilities as high-risk.  The security team recommends its users install the latest versions (Drupal 9.2 through Drupal 9.4).   The security team noted that it is important to note that all versions of Drupal 9 prior to 9.2.x are end-of-life and do not receive security coverage.  

SecurityWeek reports: "Drupal Patches 'High-Risk' Third-Party Library Flaws"