Drupal has released security updates to address security vulnerabilities (CVE-2022-31042, CVE-2022-31043) affecting Drupal versions 9.2, 9.3 and 9.4. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website.

According to Drupal security advisory, users are recommended to install the latest version:

• If you are using Drupal 9.4, update to Drupal 9.4.0-rc2.
• If you are using Drupal 9.3, update to Drupal 9.3.16.
• If you are using Drupal 9.2, update to Drupal 9.2.21.

More information on vulnerabilities and updates is available in Drupal security advisory – SA-CORE-2022-011.