Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Project:
Date:
2023-March-08
Vulnerability:
Denial of Service
Affected versions:
<2.7.0
Description:
This module provides a new UI experience for node editing - Gutenberg editor.
This vulnerability can cause DoS by using reusable blocks improperly.
This vulnerability is mitigated by the fact an attacker must have "use gutenberg" permission to exploit it.
Solution:
Install the latest version:
- If you use the Gutenberg module versions 8.x-2.x, upgrade to Gutenberg 8.x-2.7
Reported By:
Fixed By:
Coordinated By:
- Damien McKenna of the Drupal Security Team
- Greg Knaddison of the Drupal Security Team
