Upgrade Elastic.Apm to version 1.10.0 or higher.

drupal7 vulnerabilities

Known vulnerabilities in the drupal7 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H Cross-site Request Forgery (CSRF)	<7.32-1+deb8u19
M Open Redirect	<7.32-1+deb8u18
C Deserialization of Untrusted Data	*
C Directory Traversal	<7.32-1+deb8u17
M Cross-site Scripting (XSS)	<7.32-1+deb8u17
M Cross-site Scripting (XSS)	<7.32-1+deb8u16
C Improper Input Validation	<7.32-1+deb8u14
H Deserialization of Untrusted Data	<7.32-1+deb8u15
C CVE-2018-7602	<7.32-1+deb8u12
M Files or Directories Accessible to External Parties	<7.32-1+deb8u9
H Incorrect Authorization	<7.6-1
C Improper Input Validation	<7.32-1+deb8u11
M Cross-site Scripting (XSS)	<7.32-1+deb8u10
M Open Redirect	<7.32-1+deb8u10
M Cross-site Scripting (XSS)	<7.32-1+deb8u10
M Incorrect Permission Assignment for Critical Resource	<7.32-1+deb8u10
M Open Redirect	<7.32-1+deb8u9
M Open Redirect	<7.32-1+deb8u2
M Open Redirect	<7.32-1+deb8u2
M Information Exposure	<7.32-1+deb8u8
M Open Redirect	<7.32-1+deb8u8
H Access Restriction Bypass	<7.32-1+deb8u7
H Security Features	<7.32-1+deb8u6
M Security Features	<7.32-1+deb8u6
H Improper Access Control	<7.32-1+deb8u6
M Information Exposure	<7.32-1+deb8u6
H Access Restriction Bypass	<7.32-1+deb8u6
H CVE-2016-3164	<7.32-1+deb8u6
M Cross-site Scripting (XSS)	<7.32-1+deb8u5
M Cross-site Scripting (XSS)	<7.32-1+deb8u5
H SQL Injection	<7.32-1+deb8u5
M Cross-site Request Forgery (CSRF)	<7.32-1+deb8u5
M Information Exposure	<7.32-1+deb8u5
M CVE-2015-3233	<7.32-1+deb8u4
M Improper Input Validation	<7.32-1+deb8u4
M Information Exposure	<7.32-1+deb8u4
M CVE-2015-3232	<7.32-1+deb8u4
L Improper Access Control	<7.32-1+deb8u2
M CVE-2014-9016	<7.32-1+deb8u1
M Access Restriction Bypass	<7.32-1+deb8u1
H SQL Injection	<7.32-1
M Access Restriction Bypass	<7.31-1
M Resource Management Errors	<7.31-1
M Resource Management Errors	<7.31-1
L Cross-site Scripting (XSS)	<7.29-1
M Access Restriction Bypass	<7.29-1
M Cross-site Scripting (XSS)	<7.29-1
M Improper Input Validation	<7.29-1
M Information Exposure	<7.27-1
H CVE-2014-1475	<7.26-1
M Access Restriction Bypass	<7.26-1
L Cross-site Scripting (XSS)	<7.14-1.3
L Cross-site Scripting (XSS)	<7.24-1
M Cross-site Scripting (XSS)	<7.24-1
M Cryptographic Issues	<7.24-1
M Arbitrary Code Injection	<7.24-1
M Improper Input Validation	<7.24-1
M Information Exposure	<7.11-1
M Cross-site Request Forgery (CSRF)	<7.11-1
L Access Restriction Bypass	<7.11-1
L Access Restriction Bypass	<7.14-1.3
M Access Restriction Bypass	<7.14-1.3
M Resource Management Errors	<7.14-2
M Access Restriction Bypass	<7.14-1.2
M Improper Input Validation	<7.14-1.2
M Access Restriction Bypass	<7.14-1.1
M Access Restriction Bypass	<7.14-1.1
M Access Restriction Bypass	<7.14-1
L Resource Management Errors	<7.14-1
M Access Restriction Bypass	<7.14-1
M Access Restriction Bypass	<7.14-1
M Information Exposure	<7.22-1
M Improper Input Validation	<7.14-1
M Cross-site Request Forgery (CSRF)	*
H Access Restriction Bypass	<7.2-1

Vulnerability

Vulnerable Version

Cross-site Request Forgery (CSRF)

<7.32-1+deb8u19

Open Redirect

<7.32-1+deb8u18

Deserialization of Untrusted Data