Drupal 8.6.x, 8.5.x or earlier versions
Allows remote attackers to execute arbitrary code because of not sanitizing data on some field types (CVE ID: CVE-2019-6340)
An attacker can mount Different attacks since the data is not sanitized on some of the field types available on Drupal.
A site is only affected by this if one of the following conditions is met:
The site using the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7.
(Note: The Drupal 7 Services module itself does not require an update at this time, but you should still apply other contributed updates associated with this advisory if Services is in use.)
✦ Temporary or permanent loss of the service.
✦ Disruption to regular operations.
✦ Financial losses incurred to restore systems and files.
✦ Potential harm to organization's reputation.
✻ Update the latest version of the Mozilla's Firefox on Windows, Linux and Mac.
The information provided herein is on "as is" basis, without warranty of any kind.