Drupal Security Issue SA-CONTRIB-2017-38
by CIRT Team
Description: The Drupal security team has discovered a critical vulnerability in a third-party module named References. Although this module is no longer maintained, it is currently used within over 120,000 installations.
Impact: The Drupal security team did not disclose the technical details about the vulnerability in order to avoid the exploitation of the flaw in the wild.
Mitigation: As per drupal.org official page information, if you use the References module for Drupal you should uninstall it.