CVE-2021-21347 is a vulnerability that was discovered in February 2021. It affects the popular content management system, Drupal, specifically versions 7 and 8. The vulnerability allows an attacker to bypass normal security measures and execute arbitrary code on the affected system. In other words, an attacker could take control of a vulnerable Drupal site and potentially access sensitive information or cause damage to the site.
The vulnerability was caused by a flaw in how Drupal handles certain types of input data. Specifically, it was related to how Drupal processes file uploads. By sending specially crafted requests to a vulnerable site, an attacker could trigger the vulnerability and gain control of the site. This type of vulnerability is particularly dangerous because it can be exploited remotely, without the attacker having physical access to the affected system.
Upon discovery of the vulnerability, Drupal's security team released a patch to address the issue. They also issued a security advisory urging all users of Drupal 7 and 8 to update their systems as soon as possible. In addition, they recommended that users review their logs for any suspicious activity that may have occurred before applying the patch. While there have been no reports of the vulnerability being actively exploited in the wild, it is important for organizations to take this type of threat seriously and ensure that their systems are properly secured.