Examples for Developers - Critical - Remote Code Execution - SA-CONTRIB-2020-035

Project: Examples for DevelopersDate: 2020-November-18Security risk: Critical 17∕25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:DefaultVulnerability: Remote Code ExecutionDescription: The File Example submodule within the Examples project does not properly sanitize certain filenames as described in SA-CORE-2020-012, along with other related vulnerabilities.
Therefore, File Example so is being removed from Examples until a version demonstrating file security best practices can added back in the future.Solution: Any sites that have File Example submodule installed should uninstall it immediately
Then, install the latest version of Examples:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2020-035