This article is part of Next Big Futures coverage of vulnerability discovery in Drupal.
This vulnerability affects Drupal 7, 7.x and 7.5, 7, 8 and 8.5.5 and 8 and later versions.
This is an open vulnerability and we recommend to patch it now before a future vulnerability is discovered.
The fix for this issue is to patch the Drupal 7 source code using the appropriate patching tools such as: drupal-7-plugin.php and drupal_update.php from the Drupal project.
This fixes the Drupal 6 version, and the Drupal 8 version, but not the Drupal 9 version.
You can find the Drupal source code on GitHub.