Security advisories: Drupal core – Moderately critical – Denial of Service – SA-CORE-2019-009

Project: 
Version: 
8.8.x-dev
8.7.x-dev
Date: 
2019-December-18
Vulnerability: 
Denial of Service
Description: 

A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt.

Solution: 

Install the latest version:

Versions of Drupal 8 prior to 8.7.x are end-of-life and do not receive security coverage.

To mitigate this issue in any version of Drupal 8, you can also block access to install.php if it’s not required.

Reported By: 
Fixed By: