CVE-2018-7600

NameCVE-2018-7600
DescriptionDrupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1325-1, DSA-4156-1
Debian Bugs894259

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
drupal7sourcewheezy7.14-2+deb7u18DLA-1325-1
drupal7sourcejessie7.32-1+deb8u11DSA-4156-1
drupal7sourcestretch7.52-2+deb9u3DSA-4156-1
drupal7source(unstable)7.58-1894259

Notes

https://www.drupal.org/sa-core-2018-002
https://groups.drupal.org/security/faq-2018-002
https://www.drupal.org/psa-2018-001
Drupal 7.x Patch: https://cgit.drupalcode.org/drupal/rawdiff/?h=7.x&id=2266d2a83db50e2f97682d9a0fb8a18e2722cba5
Search for package or bug name: Reporting problems