Drupal · Drupal · CVE-2017-6381
**Name of the Vulnerable Software and Affected Versions**
Drupal versions prior to 8.2.2
**Description**
A third-party development library included with Drupal 8 development dependencies is susceptible to remote code execution. However, this issue is mitigated by the default .htaccess protection against PHP execution and the fact that Composer development dependencies are not normally installed.
**Recommendations**
For versions prior to 8.2.2, consider removing the `/vendor/phpunit` directory from production deployments to mitigate the risk.