Drupal Out-of-band security update addresses two vulnerabilities in the third-party library Guzzle [CVE-2022-31042 and CVE-2022-31043]

CVE numbers = CVE-2022-31042 and CVE-2022-31043

Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released two security advisories:

These do not affect Drupal core, but may affect some contributed projects or custom code on Drupal sites.

Solution: 

Install the latest version:

All versions of Drupal 9 prior to 9.2.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.

Drupal 7 is not affected.

Advanced users may also work around this issue by temporarily using drupal/core instead of drupal/core-recommended and then updating Guzzle to the desired version. More information on managing Guzzle with Drupal 9.4.

Duncan

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: