The new flaw tracked as CVE-2018-7602, is a highly critical remote code execution issue, Drupal team fixed it with the release of versions 7.59, 8.4.8 and 8.5.3. Security experts speculate the vulnerability may have been exploited to launch the ransomware-based attack on the Ukrainian energy ministry’s website. The vulnerability was discovered while members of the Drupal Security Team were analyzing the original Drupalgeddon2 flaw and published a technical report on the flaw.”]
Source: https://securityaffairs.co/wordpress/71786/cyber-crime/cve-2018-7602-linked-drupalgeddon2.html