Drupal addresses a Guzzle third-party vulnerability
Drupal addresses a Guzzle third-party vulnerability
Threat Level
Vulnerability Report
For a detailed advisory, download the pdf file here
Summary
The Drupal core project addresses security flaws in a third-party Guzzle library to handle HTTP requests and responses to external services. These may not directly affect Drupal core; however, it can have an impact on contributed projects or custom code on Drupal sites. Guzzle has found two vulnerabilities that have been rated high risk (as per the company)