Many of us take this time in April to celebrate spring and the rebirth of nature. Snow melts, cherry blossoms bloom, and the ever-elusive Easter eggs are hunted down with glee and diligence over rolling green hills. In our corner of the cyberverse, security vulnerabilities in open source components are the target of our hunt, and as per usual, we’ve come up with an overflowing basket of goodies.
This month’s roundup of the top 5 new open source security vulnerabilities was aggregated by the WhiteSource database, which is updated continuously from the National Vulnerability Database (NVD), in addition to a number of publicly available, peer-reviewed open source security advisories.
Our top 5 list of projects hit by vulnerabilities this March includes some wildly popular platforms and components, servicing millions of users worldwide. Some are reborn from previous vulnerabilities, while others are fresh newcomers. All of them prove, once again, that the open source ecosystem is a dynamic one filled with hard-working folk who continuously keep us on our toes.
If we’ve tickled your curiosity, or if you are using open source components in your projects (you know you are), take a look at March’s top 5 new open source security vulnerabilities.
Vulnerability Score: High — 7.3
Affected versions: Drupal 6, 7.x before 7.58, 8.x before 8.3.9, and 8.4.x before 8.4.6, and 8.5.x before 8.5.1
This is a big one, folks. Drupal is the popular, free, and open source content management platform that web developers either love to hate or embrace with deep everlasting adoration. The divide between lovers and haters will no doubt deepen as the fallout from this highly critical vulnerability, affectionately referred to as Drupalgeddon, otherwise known (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Blog – WhiteSource. Read the original post at: https://resources.whitesourcesoftware.com/blog-whitesource/top-new-open-source-vulnerabilities-in-march