Security Vulnerabilities: SA-CORE-2018-005 - Drupal 8.x & CVE-2018-14773 - Symfony

SA-CORE-2018-005 - Drupal 8

Popular CMS platform Drupal recently announced that versions of Drupal 8 prior to 8.5.6 are affected by SA-CORE-2018-005 / CVE-2018-14773 (more CVE details below). Drupal 8 uses components from the Symfony framework so is affected by this Symfony bug.

Drupal SA-CORE-2018-002 - Highly critical - Remote Code Execution vulnerability

Late last week, the Drupal Security Team announced a "Highly critical" remote code execution vulnerability that affects Drupal 6 (EOL), Drupal 7 and Drupal 8. SA-CORE-2018-002 dubbed "Drupalgeddon2" was discovered by Jasper Mattsson. Drupal scores it a whopping 21 (out of a possible 25) "Security Risk Level". All users are recommended to update their Drupal sites immediately.