[webform_multifile] Add patch to prevent Remote Code Execution per SA-CONTRIB-2016-038

The Webform Multifile File Upload module contains a Remote Code Execution (RCE) vulnerability exists where form inputs will be unserialized and a specially crafted form input may trigger arbitrary code execution depending on the libraries available on a site.

With the help of the D6LTS vendors, a new version was released:

https://www.drupal.org/project/webform_multifile/releases/6.x-1.4

The patch to fix is also attached.

Comment	File	Size	Author
	SA-CONTRIB-2016-038.patch	10.74 KB	dsnopek

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

13 July 2016 at 16:01

dsnopek created an issue. See original summary.

Log in or register to post comments

Comment #2

he/him

English

USA

CreditAttribution: dsnopek commented 13 July 2016 at 16:01

Status:

Active

» Fixed

Committed!

Log in or register to post comments

Comment #3

27 July 2016 at 16:04

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

Log in or register to post comments