Resolved

All projects have now been updated with a fix to the PHP config. We still recommend all projects are updated to the latest version of Craft to ensure any other past vulnerabilities are patched appropriately.

Recovering

We're currently rolling out a change to all projects which turns the "register_argc_argv" PHP ini config setting off. This is in line with Pixel & Tonic's recommendation for mitigating the exploit. You may see your project sync as a result of this change.

If you want to apply the fix immediately, you can sync your project yourself via the Servd dashboard.
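To confirm the setting on a PHP configuration you manage yourself, the following added example (not Servd's or Pixel & Tonic's tooling) works out the effective `register_argc_argv` value from a set of ini files. The function names and sample file names are hypothetical, and it assumes the files are passed in the order PHP loads them.

```shell
#!/bin/sh
# Added example, not Servd's or Craft's tooling.
# Assumption: ini files are given in PHP's load order (php.ini first, then
# scan-dir files alphabetically), so the last assignment wins.
# Per-host/per-path ini sections are not modelled.

# effective_argc_argv FILE... -> prints "on", "off" or "unset"
effective_argc_argv() {
    awk -v q="'" '
        {
            line = $0
            sub(/;.*$/, "", line)                   # strip ; comments
            if (line !~ /^[ \t]*register_argc_argv[ \t]*=/) next
            sub(/^[^=]*=[ \t]*/, "", line)          # keep only the value
            gsub("[\"" q "]", "", line)             # drop surrounding quotes
            sub(/[ \t]+$/, "", line)
            v = tolower(line)
            # PHP booleans: on/yes/true or a non-zero integer mean enabled
            state = (v == "on" || v == "yes" || v == "true" || v + 0 != 0) ? "on" : "off"
        }
        END { print (state == "" ? "unset" : state) }
    ' "$@"
}

# argc_argv_mitigated FILE... -> exit 0 only when the setting is explicitly off.
# "unset" fails because PHP's built-in default for this directive is on.
argc_argv_mitigated() {
    [ "$(effective_argc_argv "$@")" = "off" ]
}

# Constructed sample: a base php.ini that leaves the directive on and a
# later-loaded override (hypothetical file name) that turns it off.
demo() {
    d=$(mktemp -d) || return 1
    printf '[PHP]\nregister_argc_argv = On ; legacy value\n' > "$d/php.ini"
    printf '; hardening override\nregister_argc_argv=Off\n' > "$d/99-hardening.ini"
    echo "base only:     $(effective_argc_argv "$d/php.ini")"
    echo "with override: $(effective_argc_argv "$d/php.ini" "$d/99-hardening.ini")"
    rm -rf "$d"
}
demo
```

This reads configuration files only; the value that matters is the one the web-facing PHP process reports, and the PHP CLI always enables `register_argc_argv` regardless of the ini setting, so CLI output is not a reliable indicator.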

Identified

As an initial mitigation step we have blocked any URLs which contain a signature matching the currently visible attack vector.

We are now working on rolling out a change to the PHP configuration for all projects to mitigate the root exploit.

Identified

Today an article was released describing a Craft RCE exploit which has recently been patched.

https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9

This exploit is now being abused in the wild and we are seeing attacks against many projects hosted on Servd. We are actively attempting to update the configuration for any vulnerable projects to mitigate the attack vector. During this time your project components may be restarted as we roll out changes.


Affected components
  • Clusters
    • EU-WEST-1
    • EU-WEST-2
    • EU-WEST-3
    • EU-WEST-4
    • EU-WEST-5
    • UK-LONDON-2
    • UK-LONDON-4
    • UK-LONDON-5
    • US-EAST-1
    • US-EAST-2
    • US-EAST-3
    • US-EAST-5
    • US-EAST-6
    • US-EAST-4
    • US-EAST-7