PT-2019-8592 · Drupal · Drupal

Samuel Mortenson · Published 2019-01-15 · Updated 2022-05-13 · CVE-2017-6921

CVSS v3.1: 5.9 Medium
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Drupal 8 versions prior to 8.3.4

Description

The issue arises from improper validation of certain fields when manipulating files through the file REST resource. This affects sites with the RESTful Web Services (rest) module enabled, where the file REST resource is enabled and allows PATCH requests. An attacker must have the ability to get or register a user account on the site with permissions to upload files and to modify the file resource.

Recommendations

For versions prior to 8.3.4, update to version 8.3.4 or later to resolve the issue. As a temporary workaround, consider disabling the file REST resource or restricting access to it until the update can be applied. Additionally, restrict permissions to upload files and modify the file resource to minimize the risk of exploitation.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-6921
GHSA-H377-287M-W2R9

Affected Products

Drupal