Video - Critical - Remote Code Execution - SA-CONTRIB-2019-037

Project: VideoDate: 2019-March-13Security risk: Critical 19∕25 AC:None/A:Admin/CI:All/II:All/E:Theoretical/TD:AllVulnerability: Remote Code ExecutionDescription: This module provides a field where editors can add videos to their content and this module offers functionality to transcode these videos to different sizes and formats.
The module doesn't sufficiently sanitize some user input on administrative forms.Solution: 

  • If you use the Video module for Drupal 7.x, upgrade to Video 7.x-2.14

Also see the Video project page
Note that the Drupal 8 version of this module is unaffected.Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2019-037