Drupal addresses a Guzzle third-party vulnerability

Threat Level

Vulnerability Report

For a detailed advisory, download the pdf file here

Summary

The Drupal core project addresses security flaws in a third-party Guzzle library to handle HTTP requests and responses to external services. These may not directly affect Drupal core; however, it can have an impact on contributed projects or custom code on Drupal sites. Guzzle has found two vulnerabilities that have been rated high risk (as per the company)