Drupal, a very popular content management system, has released a security update that addresses several kinds of vulnerabilities. The latest version, 8.2.7, also ensures that Drupal core requires the most secure version of PHPUnit available.
Description of Vulnerabilities:
Editor module incorrectly checks access to inline private files – Drupal 8 – Access Bypass – Critical – CVE-2017-6377
When a private file is added through a configured text editor (like CKEditor), the editor does not correctly check access for the file being added, which results in an access bypass.
Some admin paths were not protected with a CSRF token – Drupal 8 – Cross Site Request Forgery – Moderately Critical – CVE-2017-6379
Some administrative paths did not include CSRF protection. This would allow an attacker to destroy a few blocks on a site. The issue is mitigated by the fact that clients would need to know the block ID.
Remote code execution – Drupal 8 – Remote code execution – Moderately Critical – CVE-2017-6381
A third-party development library included with the Drupal 8 development dependencies is vulnerable to remote code execution.
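A defender-side check for the update described above, added here as an example and not taken from the original article or from Drupal's own tooling: it reports Drupal 8 sites whose core is older than 8.2.7 and deployments that ship PHPUnit. It assumes the Drupal 8 layout where the version constant lives in `core/lib/Drupal.php` and that Composer installs PHPUnit under `vendor/phpunit`; the function names are hypothetical and the site trees built in `demo()` are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (8, 2, 7)  # fixed release named in the article
# Assumption: Drupal 8 declares "const VERSION = 'x.y.z';" in core/lib/Drupal.php.
VERSION_RE = re.compile(r"const\s+VERSION\s*=\s*'(\d+)\.(\d+)\.(\d+)([^']*)'")

def core_version(root):
    """Return ((major, minor, patch), suffix) for a site root, or None."""
    php = Path(root) / "core" / "lib" / "Drupal.php"
    if not php.is_file():
        return None
    m = VERSION_RE.search(php.read_text(errors="replace"))
    return (tuple(int(x) for x in m.group(1, 2, 3)), m.group(4)) if m else None

def audit(root):
    """List findings for one site root; an empty list means nothing to report."""
    parsed = core_version(root)
    if parsed is None:
        return ["core version not found"]
    version, suffix = parsed
    findings = []
    # A -dev/-rc suffix on 8.2.7 itself predates the release, so it counts as older.
    if version[0] == 8 and (version < FIXED or (version == FIXED and suffix)):
        label = ".".join(map(str, version)) + suffix
        findings.append(f"core {label} is older than 8.2.7")
    # Assumption: Composer's default layout puts PHPUnit under vendor/phpunit.
    if (Path(root) / "vendor" / "phpunit").is_dir():
        findings.append("vendor/phpunit present: development dependencies are deployed")
    return findings

def make_site(base, name, version, with_phpunit):
    """Build a constructed, minimal site tree to audit."""
    root = Path(base) / name
    (root / "core" / "lib").mkdir(parents=True)
    (root / "core" / "lib" / "Drupal.php").write_text(
        "<?php\nclass Drupal {\n  const VERSION = '%s';\n}\n" % version)
    if with_phpunit:
        (root / "vendor" / "phpunit" / "phpunit").mkdir(parents=True)
    return root

def demo():
    with tempfile.TemporaryDirectory() as base:
        old = make_site(base, "old", "8.2.6", True)
        new = make_site(base, "new", "8.2.7", False)
        return audit(old), audit(new)

if __name__ == "__main__":
    for findings in demo():
        print(findings or ["no findings"])
```

Point `audit()` at a real site root to run the same two checks against a deployment.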