Drupal versions before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
5c56b8bac1e22f18ddbee9eb7490e7405a9c7609ee08978711e532a1abf9716d
Drupal versions prior to 7.58, 8.3.9, 8.4.6, and 8.5.1 Drupalgeddon2 remote code execution proof of concept exploit. Ported to Ruby.
9448745ca34223b272016f3a6b85e742d98115ddc80c24382e74fd677ef4be62