Several vulnerabilities have been patched in the Drupal content management system (CMS) with the release of version 8.2.7, including access bypass, cross-site request forgery (CSRF) and remote code execution flaws.
The most serious of them, rated critical and tracked as CVE-2017-6377, is an access bypass weakness affecting the editor module.
Article Link: http://feedproxy.google.com/~r/Securityweek/~3/_3YBmo1lbW4/several-vulnerabilities-patched-drupal-8