Debian Security Advisory

DSA-4706-1 drupal7 -- security update

Date Reported:
18 Jun 2020
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2020-13663.
More information:

It was discovered that Drupal, a fully-featured content management framework, was suspectible to cross site request forgery.

For additional information, please refer to the upstream advisory at

For the oldstable distribution (stretch), this problem has been fixed in version 7.52-2+deb9u11.

We recommend that you upgrade your drupal7 packages.

For the detailed security status of drupal7 please refer to its security tracker page at: