A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised.
Drupal 8.x: https://cgit.drupalcode.org/drupal/rawdiff/?h=8.5.x&id=bb6d396609600d1169da29456ba3db59abae4b7e
Drupal 7.x: https://cgit.drupalcode.org/drupal/rawdiff/?h=7.x&id=080daa38f265ea28444c540832509a48861587d0
Created drupal8 tracking bugs for this issue:
Affects: fedora-all [bug 1572101]
Created drupal7 tracking bugs for this issue:
Affects: fedora-all [bug 1572100]
Affects: epel-all [bug 1572102]
All dependent bugs are closed. Please close this one out.
(In reply to Shawn Iwinski from comment #3)
> All dependent bugs are closed. Please close this one out.