Severity: CRITICAL | Category: Vulnerabilities | Source: HKCERT

Drupal Remote Code Execution vulnerability

A critical remote code execution vulnerability in Drupal allows an unauthenticated attacker to execute arbitrary code, manipulate data, escalate privileges, and disclose sensitive information on affected systems. The vulnerability affects Drupal 8.9.0 and later (prior to 10.4.10), 10.5.0 and later (prior to 10.5.10), 10.6.0 and later (prior to 10.6.9), and the 11.0/11.1, 11.2 and 11.3 branches (prior to 11.1.10, 11.2.12 and 11.3.10 respectively). Remediation requires applying the vendor-provided patches or upgrading to the fixed versions: Drupal 10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12 or 11.3.10.

A remote attacker could exploit this vulnerability to trigger remote code execution, data manipulation, elevation of privilege and sensitive information disclosure on the targeted system.

Impact
Remote Code Execution
Data Manipulation
Information Disclosure
Elevation of Privilege

System / Technologies affected
Drupal version 8.9.0 and later, prior to 10.4.10
Drupal version 10.5.0 and later, prior to 10.5.10
Drupal version 10.6.0 and later, prior to 10.6.9
Drupal version 11.0.0 and later, prior to 11.1.10
Drupal version 11.2.0 and later, prior to 11.2.12
Drupal version 11.3.0 and later, prior to 11.3.10

Solutions
Before installation of the software, please visit the vendor website for more details.
Apply fixes issued by the vendor:
For Drupal 8.9, manually apply the Drupal 8.9 patch
For any version of Drupal 9, manually apply the Drupal 9.5 patch
For Drupal 10.4.x or earlier, update to Drupal 10.4.10
For Drupal 10.5.x, update to Drupal 10.5.10
For Drupal 10.6.x, update to Drupal 10.6.9
For Drupal 11.1.x or 11.0.x, update to Drupal 11.1.10
For Drupal 11.2.x, update to Drupal 11.2.12
For Drupal 11.3.x, update to Drupal 11.3.10

Note: Drupal 8 and Drupal 9 have both reached end-of-life. Those unsupported versions will still have other, previously disclosed security vulnerabilities. Drupal 11.1.x, Drupal 11.0.x, Drupal 10.4.x, and below are end-of-life and do not receive security coverage.
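The affected ranges above are easy to misread across the 8.9 to 10.4 span and the 11.0/11.1 branch, so the following added example (not part of the HKCERT advisory) encodes them as version intervals and reports, for a Drupal core version string, whether it falls in an affected range and which remediation the advisory gives. It assumes the version string is the plain "major.minor.patch" form Drupal reports, optionally with a pre-release suffix; a pre-release of a fixed version is conservatively treated as still affected.

```python
"""Check a Drupal core version string against the affected ranges in the advisory."""

# (lower bound inclusive, upper bound exclusive, remediation from the advisory).
# The fourth tuple element orders pre-releases (0) before the final release (1).
AFFECTED_RANGES = [
    ((8, 9, 0, 0), (10, 4, 10, 1),
     "update to Drupal 10.4.10 (8.9: apply the 8.9 patch; 9.x: apply the 9.5 patch; both EOL)"),
    ((10, 5, 0, 0), (10, 5, 10, 1), "update to Drupal 10.5.10"),
    ((10, 6, 0, 0), (10, 6, 9, 1), "update to Drupal 10.6.9"),
    ((11, 0, 0, 0), (11, 1, 10, 1), "update to Drupal 11.1.10"),
    ((11, 2, 0, 0), (11, 2, 12, 1), "update to Drupal 11.2.12"),
    ((11, 3, 0, 0), (11, 3, 10, 1), "update to Drupal 11.3.10"),
]


def parse_version(text):
    """Turn '10.5.3', '10.6.9-dev' or '11.3' into a comparable 4-tuple."""
    core, _, suffix = text.strip().partition("-")
    parts = core.split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Drupal version: {text!r}")
    numbers = [int(p) for p in parts] + [0] * (3 - len(parts))
    # A pre-release (e.g. -dev, -rc1) sorts before the corresponding final release,
    # so '10.6.9-dev' is still inside the "prior to 10.6.9" range.
    return tuple(numbers) + (0 if suffix else 1,)


def check(version_text):
    """Return (affected, remediation); remediation is None when not affected."""
    version = parse_version(version_text)
    for low, high, remediation in AFFECTED_RANGES:
        if low <= version < high:
            return True, remediation
    return False, None


if __name__ == "__main__":
    # Constructed sample inventory of hypothetical site versions, not real hosts.
    for site, ver in [("intranet", "10.5.3"), ("shop", "10.5.10"), ("legacy", "9.5.11"),
                      ("docs", "11.1.3"), ("staging", "10.6.9-dev"), ("new", "11.3.10")]:
        affected, fix = check(ver)
        print(f"{site:9} {ver:11} {'AFFECTED: ' + fix if affected else 'not affected'}")
```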
