5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
57.3%
Drupal coreβs Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load. Either of these effects may lead to the site becoming unavailable or unresponsive.
Please see the Drupal 7.20 release notes for important notes about the changes which were made to fix this issue, since some sites will require extra testing and care when deploying this Drupal core release.
Install the latest version:
Also see the Drupal core project page.
drupal.org/contact
drupal.org/drupal-7.20-release-notes
drupal.org/project/drupal
drupal.org/security-team
drupal.org/security-team/risk-levels
drupal.org/security/secure-configuration
drupal.org/user/10297
drupal.org/user/124982
drupal.org/user/17943
drupal.org/user/22211
drupal.org/user/2274988
drupal.org/user/2663
drupal.org/user/36762
drupal.org/user/49851
drupal.org/user/52142
drupal.org/writing-secure-code