Main Content
Padlocks Image with text overlay 'Safe from Website Vulnerabilities and the XML Quadratic Blowup Attack!'

Drupal: Safe from the XML Quadratic Blowup Attack!

Millions of Wordpress and Drupal websites around the world are in need of an immediate upgrade due to a security vulnerability. The vulnerability uses an XML Quadratic Blowup Attack which is a sub-attack from the well-known Billion Laughs attack.

This attack (if executed) can cause the complete central processing unit (CPU) and memory failure. It can lead to denial of service (DOS), unavailable and unresponsive sites.

Read: Open Source vs Proprietary for Government Websites

The risk level for the security update it is considered "Moderately Critical" - the attack execution requires the attacker to be registered on the site and have some non-default permissions (e.g., creating content).

Learn more about the vulnerability and the attack.

The good news? The robust Drupal security team has already released a fix included in the latest Drupal update. So, all you have to do is upgrade to the latest version of Drupal.

Read: How to Prepare Your TEAM for a Drupal Migration

If you are a Promet Support and Maintenance client, our Support team has already been working on this for you. Our development clients have also been notified and we are working on this fix for them as well.

Rest assured we are your first line of defense against this attack.

Worried about security issues on your website? Contact us today.