A highly critical vulnerability was discovered in the Drupal content management software (CMS) on February 20. Cloudflare identified the type of vulnerability within 15 minutes and blocked attacks within 48 hours. The vulnerability is based on deserialization which can be abused with the help of a maliciously crafted serialized Object. The worst part was that potential attackers could exploit CVE-2019-6340 without any authentication requirements, allowing for all the data on the system to be modified or deleted. The first attack was observed at around 7pm UTC on Friday the 22nd of February 2019, and to date it has matched zero false positives.
Source: https://www.bleepingcomputer.com/news/security/cloudflare-deploys-firewall-rule-to-block-new-drupal-exploits/