New vulnerabilities in Drupal can be exploited by a remote attacker to gain access to sensitive information. We advise administrators to update to patched versions of Drupal 8.5.2 and 8.4.