View online: https://www.drupal.org/sa-contrib-2019-037
Project: Video [1] Date: 2019-March-13 Security risk: *Critical* 19∕25 AC:None/A:Admin/CI:All/II:All/E:Theoretical/TD:All [2] Vulnerability: Remote Code Execution
Description: This module provides a field where editors can add videos to their content and this module offers functionality to transcode these videos to different sizes and formats.
The module doesn't sufficiently sanitize some user input on administrative forms.
Solution: * If you use the Video module for Drupal 7.x, upgrade to Video 7.x-2.14 [3]
Also see the Video [4] project page
Note that the Drupal 8 version of this module is unaffected.
Reported By: * Samuel Mortenson [5] of the Drupal Security Team
Fixed By: * Michael Hess [6] of the Drupal Security Team * Jorrit Schippers [7] * Samuel Mortenson [8] of the Drupal Security Team * Greg Knaddison [9] of the Drupal Security Team
Coordinated By: * Michael Hess [10] of the Drupal Security Team
[1] https://www.drupal.org/project/video [2] https://www.drupal.org/security-team/risk-levels [3] https://www.drupal.org/project/video/releases/7.x-2.14 [4] https://www.drupal.org/project/video [5] https://www.drupal.org/user/2582268 [6] https://www.drupal.org/user/102818 [7] https://www.drupal.org/user/161217 [8] https://www.drupal.org/user/2582268 [9] https://www.drupal.org/user/36762 [10] https://www.drupal.org/user/102818