Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/22042?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/22042?format=api", "purl": "pkg:composer/drupal/core@7.0.0", "type": "composer", "namespace": "drupal", "name": "core", "version": "7.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "10.4.9", "latest_non_vulnerable_version": "11.2.8", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19357?format=api", "vulnerability_id": "VCID-1ax1-6pzg-87f8", "summary": "Drupal core Open Redirect vulnerability\nDrupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL.\n\nThe vulnerability is caused by insufficient validation of the destination query parameter in the drupal_goto() function.\n\nOther versions of Drupal core are not vulnerable.", "references": [ { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2020-05-20-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2020-05-20-1.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2020-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2020-003" }, { "reference_url": "https://github.com/advisories/GHSA-6gf6-24h2-66j4", "reference_id": "GHSA-6gf6-24h2-66j4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6gf6-24h2-66j4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60429?format=api", "purl": "pkg:composer/drupal/core@7.70.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vura-3gnb-rybs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.70.0" } ], "aliases": [ "GHSA-6gf6-24h2-66j4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ax1-6pzg-87f8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10639?format=api", "vulnerability_id": "VCID-349d-w26k-mqfw", "summary": "Moderately critical - Third-party libraries - SA-CORE-2019-007\nThe `PharStreamWrapper` (aka `phar-stream-wrapper`) package does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a `phar:///path/bad.phar/../good.phar` URL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11831", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09656", "scoring_system": "epss", "scoring_elements": "0.92901", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09656", "scoring_system": "epss", "scoring_elements": "0.929", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.09656", "scoring_system": "epss", "scoring_elements": "0.92902", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.09656", "scoring_system": "epss", "scoring_elements": "0.92897", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10327", "scoring_system": "epss", "scoring_elements": "0.93164", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10327", "scoring_system": "epss", "scoring_elements": "0.93155", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10327", "scoring_system": "epss", "scoring_elements": "0.93175", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10327", "scoring_system": "epss", "scoring_elements": "0.93167", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10327", "scoring_system": "epss", "scoring_elements": "0.93168", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11831" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-11831.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-11831.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-11831.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-11831.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/phar-stream-wrapper/CVE-2019-11831.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/phar-stream-wrapper/CVE-2019-11831.yaml" }, { "reference_url": "https://github.com/TYPO3/phar-stream-wrapper", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/phar-stream-wrapper" }, { "reference_url": "https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1" }, { "reference_url": "https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/" }, { "reference_url": "https://seclists.org/bugtraq/2019/May/36", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/May/36" }, { "reference_url": "https://typo3.org/security/advisory/typo3-psa-2019-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-psa-2019-007" }, { "reference_url": "https://typo3.org/security/advisory/typo3-psa-2019-007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-psa-2019-007/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4445", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4445" }, { "reference_url": "https://www.drupal.org/sa-core-2019-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-007" }, { "reference_url": "https://www.drupal.org/SA-CORE-2019-007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2019-007" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_22", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_22" }, { "reference_url": "http://www.securityfocus.com/bid/108302", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/108302" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11831", "reference_id": "CVE-2019-11831", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11831" }, { "reference_url": "https://github.com/advisories/GHSA-xv7v-rf6g-xwrc", "reference_id": "GHSA-xv7v-rf6g-xwrc", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xv7v-rf6g-xwrc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74261?format=api", "purl": "pkg:composer/drupal/core@7.67.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.67.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/36443?format=api", "purl": "pkg:composer/drupal/core@8.6.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/36444?format=api", "purl": "pkg:composer/drupal/core@8.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-5618-53yg-8qh4" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-cvxp-ctj9-guej" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nj3a-eb59-jygs" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.1" } ], "aliases": [ "CVE-2019-11831", "GHSA-xv7v-rf6g-xwrc" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-349d-w26k-mqfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10233?format=api", "vulnerability_id": "VCID-3fka-y25d-m7a3", "summary": "Improper Input Validation\nA remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted `phar://` URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6339", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.76091", "scoring_system": "epss", "scoring_elements": "0.98913", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.76091", "scoring_system": "epss", "scoring_elements": "0.98921", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.76091", "scoring_system": "epss", "scoring_elements": "0.9892", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.76091", "scoring_system": "epss", "scoring_elements": "0.98918", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.76091", "scoring_system": "epss", "scoring_elements": "0.98919", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.76091", "scoring_system": "epss", "scoring_elements": "0.98917", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.76091", "scoring_system": "epss", "scoring_elements": "0.98912", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.76091", "scoring_system": "epss", "scoring_elements": "0.98915", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6339" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6339.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6339.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6339.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6339.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00004.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6339", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6339" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4370", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4370" }, { "reference_url": "https://www.drupal.org/sa-core-2019-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-002" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-8cw5-rv98-5c46", "reference_id": "GHSA-8cw5-rv98-5c46", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8cw5-rv98-5c46" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51890?format=api", "purl": "pkg:composer/drupal/core@7.62.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.62.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/80248?format=api", "purl": "pkg:composer/drupal/core@8.5.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/34662?format=api", "purl": "pkg:composer/drupal/core@8.6.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.6" } ], "aliases": [ "CVE-2019-6339", "GHSA-8cw5-rv98-5c46" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3fka-y25d-m7a3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10242?format=api", "vulnerability_id": "VCID-3hf4-tvxn-zyh4", "summary": "Files uploaded by anonymous users accessed by other users\nPrivate files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core does not provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.82674", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.8274", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.82744", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.82749", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.82732", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.82726", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.827", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.82704", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.8269", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6922" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6922.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6922.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6922.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6922.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6922", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6922" }, { "reference_url": "https://www.debian.org/security/2017/dsa-3897", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2017/dsa-3897" }, { "reference_url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple" }, { "reference_url": "https://www.drupal.org/SA-CORE-2017-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2017-003" }, { "reference_url": "http://www.securityfocus.com/bid/99219", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/99219" }, { "reference_url": "http://www.securitytracker.com/id/1038781", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1038781" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-58f3-cx8p-h8jg", "reference_id": "GHSA-58f3-cx8p-h8jg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-58f3-cx8p-h8jg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83077?format=api", "purl": "pkg:composer/drupal/core@7.56.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.56.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/29924?format=api", "purl": "pkg:composer/drupal/core@8.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-cuk6-hskr-yyau" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" }, { "vulnerability": "VCID-yare-57j9-j7cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.4" } ], "aliases": [ "CVE-2017-6922", "GHSA-58f3-cx8p-h8jg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3hf4-tvxn-zyh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10584?format=api", "vulnerability_id": "VCID-3s9f-prpy-hbcx", "summary": "Cross-site Scripting\nThe jQuery library, which is included in rdoc, mishandles `jQuery.extend(true, {}, ...)` because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype.`", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { "reference_url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "reference_url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2019:1570", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://access.redhat.com/errata/RHBA-2019:1570" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1456", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2587", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2587" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3023", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3024", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3024" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11358.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11358.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01856", "scoring_system": "epss", "scoring_elements": "0.83035", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01856", "scoring_system": "epss", "scoring_elements": "0.83024", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01856", "scoring_system": "epss", "scoring_elements": "0.83028", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01856", "scoring_system": "epss", "scoring_elements": "0.8302", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01856", "scoring_system": "epss", "scoring_elements": "0.83012", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01856", "scoring_system": "epss", "scoring_elements": "0.82988", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01856", "scoring_system": "epss", "scoring_elements": "0.8299", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02717", "scoring_system": "epss", "scoring_elements": "0.85871", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02717", "scoring_system": "epss", "scoring_elements": "0.8586", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11358" }, { "reference_url": "https://backdropcms.org/security/backdrop-sa-core-2019-009", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009" }, { "reference_url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released" }, { "reference_url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/May/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/May/10" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/May/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/May/11" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/May/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/May/13" }, { "reference_url": "https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f" }, { "reference_url": "https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829" }, { "reference_url": "https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad" }, { "reference_url": "https://github.com/jquery/jquery", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery" }, { "reference_url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" }, { "reference_url": "https://github.com/jquery/jquery/pull/4333", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://github.com/jquery/jquery/pull/4333" }, { "reference_url": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc" }, { "reference_url": "https://github.com/maximebf/php-debugbar/issues/447", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/maximebf/php-debugbar/issues/447" }, { "reference_url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434" }, { "reference_url": "https://hackerone.com/reports/454365", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/454365" }, { "reference_url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601" }, { "reference_url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/32", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://seclists.org/bugtraq/2019/Apr/32" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://seclists.org/bugtraq/2019/May/18", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://seclists.org/bugtraq/2019/May/18" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190919-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190919-0001" }, { "reference_url": "https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006" }, { "reference_url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1" }, { "reference_url": "https://web.archive.org/web/20190824065237/http://www.securityfocus.com/bid/108023", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20190824065237/http://www.securityfocus.com/bid/108023" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4434", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4434" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/jun/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2019/jun/03/security-releases" }, { "reference_url": "https://www.drupal.org/sa-core-2019-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.drupal.org/sa-core-2019-006" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_19", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "reference_url": "https://www.tenable.com/security/tns-2019-08", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.tenable.com/security/tns-2019-08" }, { "reference_url": "https://www.tenable.com/security/tns-2020-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.tenable.com/security/tns-2020-02" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/06/03/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2" }, { "reference_url": "http://www.securityfocus.com/bid/108023", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "http://www.securityfocus.com/bid/108023" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", "reference_id": "1701972", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "reference_url": "https://github.com/nodejs/security-wg/blob/main/vuln/npm/496.json", "reference_id": "496", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "https://github.com/nodejs/security-wg/blob/main/vuln/npm/496.json" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", "reference_id": "4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", "reference_id": "5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927466", "reference_id": "927466", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927466" }, { "reference_url": "https://security.archlinux.org/ASA-201906-2", "reference_id": "ASA-201906-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201906-2" }, { "reference_url": "https://security.archlinux.org/AVG-969", "reference_id": "AVG-969", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-969" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "reference_id": "CVE-2019-11358", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml", "reference_id": "CVE-2019-11358.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52141.txt", "reference_id": "CVE-2020-7656;CVE-2019-11358", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52141.txt" }, { "reference_url": "https://github.com/advisories/GHSA-6c3j-c64m-qhgq", "reference_id": "GHSA-6c3j-c64m-qhgq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6c3j-c64m-qhgq" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", "reference_id": "KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/" }, { "reference_url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", "reference_id": "mitigating-cve-2019-11358-in-old-versions-of-jquery", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190919-0001/", "reference_id": "ntap-20190919-0001", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190919-0001/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", "reference_id": "QV3PKZC3PQCO3273HAT76PAQZFBEO4KP", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1325", "reference_id": "RHSA-2020:1325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2412", "reference_id": "RHSA-2020:2412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3936", "reference_id": "RHSA-2020:3936", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3936" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4298", "reference_id": "RHSA-2020:4298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4670", "reference_id": "RHSA-2020:4670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4847", "reference_id": "RHSA-2020:4847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5581", "reference_id": "RHSA-2020:5581", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5581" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4142", "reference_id": "RHSA-2021:4142", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7343", "reference_id": "RHSA-2022:7343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0552", "reference_id": "RHSA-2023:0552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0553", "reference_id": "RHSA-2023:0553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0554", "reference_id": "RHSA-2023:0554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0554" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0556", "reference_id": "RHSA-2023:0556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0556" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", "reference_id": "RLXRX23725JL366CNZGJZ7AQQB7LHQ6F", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/" }, { "reference_url": "https://usn.ubuntu.com/7622-1/", "reference_id": "USN-7622-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7622-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", "reference_id": "WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22050?format=api", "purl": "pkg:composer/drupal/core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-2ctt-zm9j-17bx" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-53h1-sj47-gugn" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-9wt5-xe6d-n3cb" }, { "vulnerability": "VCID-b4yh-gyrx-3yhh" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-cuk6-hskr-yyau" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-en3b-g3f3-a3e3" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-h6yp-zj5e-zkbm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-kwe1-gm4m-tkgf" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mt37-qzh7-gyfv" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s8u8-xbdk-87dj" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-u5wt-ndvn-3ffg" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" }, { "vulnerability": "VCID-xumx-m3zz-jkh6" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zw3u-6ue7-efdf" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/36161?format=api", "purl": "pkg:composer/drupal/core@8.5.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/36163?format=api", "purl": "pkg:composer/drupal/core@8.6.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.15" } ], "aliases": [ "CVE-2019-11358", "GHSA-6c3j-c64m-qhgq" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3s9f-prpy-hbcx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19472?format=api", "vulnerability_id": "VCID-3sr6-86jw-6fb9", "summary": "Drupal External URL injection through URL aliases leading to Open Redirect\nThe path module in Drupal allows users with the 'administer paths' to create pretty URLs for content.\nIn certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url.", "references": [ { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2018-10-17-2.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2018-10-17-2.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-006" }, { "reference_url": "https://github.com/advisories/GHSA-7f4f-p7mq-p4fv", "reference_id": "GHSA-7f4f-p7mq-p4fv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7f4f-p7mq-p4fv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60487?format=api", "purl": "pkg:composer/drupal/core@7.60.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.60.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/60240?format=api", "purl": "pkg:composer/drupal/core@8.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/32218?format=api", "purl": "pkg:composer/drupal/core@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2" } ], "aliases": [ "GHSA-7f4f-p7mq-p4fv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3sr6-86jw-6fb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8826?format=api", "vulnerability_id": "VCID-48ut-ykkc-83fx", "summary": "Comment reply form allows access to restricted content\nUsers with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the attacker must have permission to post comments.", "references": [ { "reference_url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6926", "reference_id": "", "reference_type": "", "scores": [], "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6926" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6926", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58547", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58437", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58522", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58542", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58512", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58564", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58571", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58587", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58567", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6926" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6926.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6926.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6926.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6926.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6926", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6926" }, { "reference_url": "https://www.drupal.org/sa-core-2018-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-001" }, { "reference_url": "https://www.drupal.org/SA-CORE-2018-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2018-001" }, { "reference_url": "https://github.com/advisories/GHSA-2p28-5mvp-2j2r", "reference_id": "GHSA-2p28-5mvp-2j2r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2p28-5mvp-2j2r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82030?format=api", "purl": "pkg:composer/drupal/core@7.57.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.57.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/26566?format=api", "purl": "pkg:composer/drupal/core@8.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.5" } ], "aliases": [ "CVE-2017-6926", "GHSA-2p28-5mvp-2j2r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-48ut-ykkc-83fx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7353?format=api", "vulnerability_id": "VCID-53h1-sj47-gugn", "summary": "Improper Access Control\nThe File module in Drupal allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52637", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52734", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.5275", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52766", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52716", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52722", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52671", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52706", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.5268", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3162.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3162.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3162.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3162.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3162", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3162" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-001" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3498", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3498" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/02/24/19", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/15/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-w2pj-c8x5-jvg2", "reference_id": "GHSA-w2pj-c8x5-jvg2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w2pj-c8x5-jvg2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82098?format=api", "purl": "pkg:composer/drupal/core@7.43.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.43.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/22057?format=api", "purl": "pkg:composer/drupal/core@8.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-cuk6-hskr-yyau" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.4" } ], "aliases": [ "CVE-2016-3162", "GHSA-w2pj-c8x5-jvg2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53h1-sj47-gugn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32449?format=api", "vulnerability_id": "VCID-5618-53yg-8qh4", "summary": "Potential XSS vulnerability in jQuery\n### Impact\nPassing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code.\n\n### Patches\nThis problem is patched in jQuery 3.5.0.\n\n### Workarounds\nTo workaround the issue without upgrading, adding the following to your code:\n\n```js\njQuery.htmlPrefilter = function( html ) {\n\treturn html;\n};\n```\n\nYou need to use at least jQuery 1.12/2.2 or newer to be able to apply this workaround.\n\n### References\nhttps://blog.jquery.com/2020/04/10/jquery-3-5-0-released/\nhttps://jquery.com/upgrade-guide/3.5/\n\n### For more information\nIf you have any questions or comments about this advisory, search for a relevant issue in [the jQuery repo](https://github.com/jquery/jquery/issues). If you don't find an answer, open a new issue.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html" }, { "reference_url": "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11022.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11022.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02136", "scoring_system": "epss", "scoring_elements": "0.84198", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02136", "scoring_system": "epss", "scoring_elements": "0.84185", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02136", "scoring_system": "epss", "scoring_elements": "0.84179", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02136", "scoring_system": "epss", "scoring_elements": "0.84157", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02136", "scoring_system": "epss", "scoring_elements": "0.84155", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02136", "scoring_system": "epss", "scoring_elements": "0.84203", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02136", "scoring_system": "epss", "scoring_elements": "0.84194", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03251", "scoring_system": "epss", "scoring_elements": "0.87068", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03251", "scoring_system": "epss", "scoring_elements": "0.87079", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11022" }, { "reference_url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released" }, { "reference_url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13662" }, { "reference_url": "http://security.netapp.com/advisory/ntap-20200511-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://security.netapp.com/advisory/ntap-20200511-0006" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2" }, { "reference_url": "https://github.com/jquery/jquery", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery" }, { "reference_url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77" }, { "reference_url": "https://github.com/jquery/jquery/releases/tag/3.5.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery/releases/tag/3.5.0" }, { "reference_url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2" }, { "reference_url": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc" }, { "reference_url": "https://github.com/maximebf/php-debugbar/issues/447", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/maximebf/php-debugbar/issues/447" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml" }, { "reference_url": "https://jquery.com/upgrade-guide/3.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jquery.com/upgrade-guide/3.5" }, { "reference_url": "https://jquery.com/upgrade-guide/3.5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jquery.com/upgrade-guide/3.5/" }, { "reference_url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W" }, { "reference_url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html" }, { "reference_url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html" }, { "reference_url": "https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022" }, { "reference_url": "https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html" }, { "reference_url": "https://security.gentoo.org/glsa/202007-03", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202007-03" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200511-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200511-0006" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4693", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4693" }, { "reference_url": "https://www.drupal.org/sa-core-2020-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2020-002" }, { "reference_url": "https://www.npmjs.com/advisories/1518", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1518" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://www.tenable.com/security/tns-2020-10", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.tenable.com/security/tns-2020-10" }, { "reference_url": "https://www.tenable.com/security/tns-2020-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.tenable.com/security/tns-2020-11" }, { "reference_url": "https://www.tenable.com/security/tns-2021-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.tenable.com/security/tns-2021-02" }, { "reference_url": "https://www.tenable.com/security/tns-2021-10", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.tenable.com/security/tns-2021-10" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", "reference_id": "1828406", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49766.txt", "reference_id": "CVE-2020-11022", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49766.txt" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2217", "reference_id": "RHSA-2020:2217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2362", "reference_id": "RHSA-2020:2362", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2362" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2412", "reference_id": "RHSA-2020:2412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2813", "reference_id": "RHSA-2020:2813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3247", "reference_id": "RHSA-2020:3247", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3247" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3807", "reference_id": "RHSA-2020:3807", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3807" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3936", "reference_id": "RHSA-2020:3936", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3936" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4211", "reference_id": "RHSA-2020:4211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4211" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4298", "reference_id": "RHSA-2020:4298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4670", "reference_id": "RHSA-2020:4670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4847", "reference_id": "RHSA-2020:4847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5249", "reference_id": "RHSA-2020:5249", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5249" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0778", "reference_id": "RHSA-2021:0778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6393", "reference_id": "RHSA-2022:6393", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6393" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0552", "reference_id": "RHSA-2023:0552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0553", "reference_id": "RHSA-2023:0553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0554", "reference_id": "RHSA-2023:0554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0554" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0556", "reference_id": "RHSA-2023:0556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0556" }, { "reference_url": "https://usn.ubuntu.com/7246-1/", "reference_id": "USN-7246-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7246-1/" }, { "reference_url": "https://usn.ubuntu.com/7622-1/", "reference_id": "USN-7622-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7622-1/" }, { "reference_url": "https://usn.ubuntu.com/7658-1/", "reference_id": "USN-7658-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7658-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22050?format=api", "purl": "pkg:composer/drupal/core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-2ctt-zm9j-17bx" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-53h1-sj47-gugn" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-9wt5-xe6d-n3cb" }, { "vulnerability": "VCID-b4yh-gyrx-3yhh" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-cuk6-hskr-yyau" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-en3b-g3f3-a3e3" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-h6yp-zj5e-zkbm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-kwe1-gm4m-tkgf" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mt37-qzh7-gyfv" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s8u8-xbdk-87dj" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-u5wt-ndvn-3ffg" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" }, { "vulnerability": "VCID-xumx-m3zz-jkh6" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zw3u-6ue7-efdf" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/222381?format=api", "purl": "pkg:composer/drupal/core@8.7.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/201523?format=api", "purl": "pkg:composer/drupal/core@8.8.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/222384?format=api", "purl": "pkg:composer/drupal/core@8.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-9qyz-jfgb-5yfs" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-agtf-c53h-2fdx" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mhk6-9qdy-83f3" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-ptxz-rvbt-hqhz" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-rxhd-nkpr-87fm" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/205427?format=api", "purl": "pkg:composer/drupal/core@8.9.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.0-beta1" } ], "aliases": [ "CVE-2020-11022", "GHSA-gxr4-xjj5-5px2" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5618-53yg-8qh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10460?format=api", "vulnerability_id": "VCID-565p-mgqe-gkfc", "summary": "Cross-site Scripting vulnerability in drupal.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2019-004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2019-004" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35386?format=api", "purl": "pkg:composer/drupal/core@8.6.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.12" } ], "aliases": [ "2019-03-20" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-565p-mgqe-gkfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17391?format=api", "vulnerability_id": "VCID-6ck5-9e5b-w3ay", "summary": "Improper access control\nIn some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the \"private\" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25275", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59084", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59071", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59107", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59144", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59126", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59123", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25275" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf" }, { "reference_url": "https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116" }, { "reference_url": "https://www.drupal.org/sa-core-2022-012", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:45:46Z/" } ], "url": "https://www.drupal.org/sa-core-2022-012" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25275", "reference_id": "CVE-2022-25275", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25275" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml", "reference_id": "CVE-2022-25275.YAML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-xh3v-6f9j-wxw3", "reference_id": "GHSA-xh3v-6f9j-wxw3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xh3v-6f9j-wxw3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80844?format=api", "purl": "pkg:composer/drupal/core@7.91.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.91.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/57343?format=api", "purl": "pkg:composer/drupal/core@9.3.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/57345?format=api", "purl": "pkg:composer/drupal/core@9.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3" } ], "aliases": [ "CVE-2022-25275", "GHSA-xh3v-6f9j-wxw3", "GMS-2022-3362" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ck5-9e5b-w3ay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11348?format=api", "vulnerability_id": "VCID-6m8x-cfzp-tkf4", "summary": "Drupal core Unrestricted Upload of File with Dangerous Type\nDrupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13671", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04504", "scoring_system": "epss", "scoring_elements": "0.89078", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04504", "scoring_system": "epss", "scoring_elements": "0.89133", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04504", "scoring_system": "epss", "scoring_elements": "0.89135", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04504", "scoring_system": "epss", "scoring_elements": "0.89138", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04504", "scoring_system": "epss", "scoring_elements": "0.89127", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04504", "scoring_system": "epss", "scoring_elements": "0.89122", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04504", "scoring_system": "epss", "scoring_elements": "0.89105", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04504", "scoring_system": "epss", "scoring_elements": "0.89102", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04504", "scoring_system": "epss", "scoring_elements": "0.89087", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13671" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671" }, { "reference_url": "https://www.drupal.org/sa-core-2020-012", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/" } ], "url": "https://www.drupal.org/sa-core-2020-012" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/", "reference_id": "5KSFM672XW3X6BR7TVKRD63SLZGKK437", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13671", "reference_id": "CVE-2020-13671", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13671" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml", "reference_id": "CVE-2020-13671.YAML", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml", "reference_id": "CVE-2020-13671.YAML", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-68jc-v27h-vhmw", "reference_id": "GHSA-68jc-v27h-vhmw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-68jc-v27h-vhmw" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/", "reference_id": "KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/" }, { "reference_url": "https://usn.ubuntu.com/6981-1/", "reference_id": "USN-6981-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6981-1/" }, { "reference_url": "https://usn.ubuntu.com/6981-2/", "reference_id": "USN-6981-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6981-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40897?format=api", "purl": "pkg:composer/drupal/core@7.74.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.74.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/40895?format=api", "purl": "pkg:composer/drupal/core@8.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/40893?format=api", "purl": "pkg:composer/drupal/core@8.9.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/40891?format=api", "purl": "pkg:composer/drupal/core@9.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.8" } ], "aliases": [ "CVE-2020-13671", "GHSA-68jc-v27h-vhmw" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6m8x-cfzp-tkf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19530?format=api", "vulnerability_id": "VCID-9ss3-mvt3-8bem", "summary": "Drupal core Arbitrary PHP code execution\nThe Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see:\nCVE-2020-28948\nCVE-2020-28949\n\nMultiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.\n\nTo mitigate this issue, prevent untrusted users from uploading .tar, .tar.gz, .bz2, or .tlz files.", "references": [ { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2020-11-25.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2020-11-25.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2020-013", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2020-013" }, { "reference_url": "https://github.com/advisories/GHSA-gxxj-g9v8-w28p", "reference_id": "GHSA-gxxj-g9v8-w28p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gxxj-g9v8-w28p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60689?format=api", "purl": "pkg:composer/drupal/core@7.75.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.75.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/60690?format=api", "purl": "pkg:composer/drupal/core@8.8.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/60691?format=api", "purl": "pkg:composer/drupal/core@8.9.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/60692?format=api", "purl": "pkg:composer/drupal/core@9.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.9" } ], "aliases": [ "GHSA-gxxj-g9v8-w28p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ss3-mvt3-8bem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7358?format=api", "vulnerability_id": "VCID-9wt5-xe6d-n3cb", "summary": "Open redirect via path manipulation\nDrupal might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on an error page, related to path manipulation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.71951", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.71998", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.72013", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.72029", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.72005", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.71993", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.71954", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.71978", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.71958", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170" }, { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3164.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3164.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3164.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3164.yaml" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-001" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3498", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3498" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/02/24/19", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/15/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha10:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha10:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha10:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha11:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha11:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha11:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha12:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha12:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha12:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha13:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha13:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha13:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha14:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha14:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha14:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha15:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha15:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha15:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha8:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha8:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha8:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha9:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha9:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha9:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta10:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta10:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta10:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta11:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta11:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta11:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta12:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta12:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta12:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta13:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta13:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta13:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta14:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta14:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta14:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta15:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta15:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta15:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta16:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta16:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta16:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta9:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta9:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta9:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3164", "reference_id": "CVE-2016-3164", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" }, { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3164" }, { "reference_url": "https://github.com/advisories/GHSA-836p-6p4j-35cg", "reference_id": "GHSA-836p-6p4j-35cg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-836p-6p4j-35cg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82098?format=api", "purl": "pkg:composer/drupal/core@7.43.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.43.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/22057?format=api", "purl": "pkg:composer/drupal/core@8.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-cuk6-hskr-yyau" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.4" } ], "aliases": [ "CVE-2016-3164", "GHSA-836p-6p4j-35cg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9wt5-xe6d-n3cb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17403?format=api", "vulnerability_id": "VCID-bk92-66re-dkc5", "summary": "Access bypass in Drupal core\nThe file download facility does not sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31250", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49064", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49065", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49018", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49072", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49069", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49085", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49058", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49037", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31250" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2023-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T16:49:01Z/" } ], "url": "https://www.drupal.org/sa-core-2023-005" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31250", "reference_id": "CVE-2023-31250", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31250" }, { "reference_url": "https://github.com/advisories/GHSA-8849-cv9f-vccm", "reference_id": "GHSA-8849-cv9f-vccm", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8849-cv9f-vccm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57368?format=api", "purl": "pkg:composer/drupal/core@7.96.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.96.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/57369?format=api", "purl": "pkg:composer/drupal/core@9.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/57366?format=api", "purl": "pkg:composer/drupal/core@9.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/57367?format=api", "purl": "pkg:composer/drupal/core@10.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u2d4-5g3d-zqbt" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.8" } ], "aliases": [ "CVE-2023-31250", "GHSA-8849-cv9f-vccm" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bk92-66re-dkc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57833?format=api", "vulnerability_id": "VCID-brsq-e734-ffch", "summary": "Drupal Access Control Bypass\nDrupal 7.x before 7.3 allows remote attackers to bypass intended `node_access` restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.", "references": [ { "reference_url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633385", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633385" }, { "reference_url": "http://drupal.org/node/1204582", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://drupal.org/node/1204582" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062714.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062714.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062722.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062722.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2687", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00774", "scoring_system": "epss", "scoring_elements": "0.73588", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00774", "scoring_system": "epss", "scoring_elements": "0.7357", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00774", "scoring_system": "epss", "scoring_elements": "0.73542", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00774", "scoring_system": "epss", "scoring_elements": "0.73578", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00774", "scoring_system": "epss", "scoring_elements": "0.73591", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00774", "scoring_system": "epss", "scoring_elements": "0.73614", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00774", "scoring_system": "epss", "scoring_elements": "0.73596", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00774", "scoring_system": "epss", "scoring_elements": "0.73538", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00774", "scoring_system": "epss", "scoring_elements": "0.73547", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2687" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=717874", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=717874" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2687", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2687" }, { "reference_url": "https://web.archive.org/web/20110710024036/http://www.securityfocus.com/bid/48505", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20110710024036/http://www.securityfocus.com/bid/48505" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/07/11/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/07/11/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/07/12/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/07/12/16" }, { "reference_url": "https://github.com/advisories/GHSA-96vx-qf28-6f8m", "reference_id": "GHSA-96vx-qf28-6f8m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-96vx-qf28-6f8m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84008?format=api", "purl": "pkg:composer/drupal/core@7.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.3.0" } ], "aliases": [ "CVE-2011-2687", "GHSA-96vx-qf28-6f8m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-brsq-e734-ffch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10229?format=api", "vulnerability_id": "VCID-cucx-jfqf-pkd1", "summary": "Deserialization of Untrusted Data\nDrupal core uses the third-party PEAR `Archive_Tar` library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6338", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01047", "scoring_system": "epss", "scoring_elements": "0.77449", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01047", "scoring_system": "epss", "scoring_elements": "0.77504", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01047", "scoring_system": "epss", "scoring_elements": "0.77507", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01047", "scoring_system": "epss", "scoring_elements": "0.77526", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01047", "scoring_system": "epss", "scoring_elements": "0.775", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01047", "scoring_system": "epss", "scoring_elements": "0.77491", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01047", "scoring_system": "epss", "scoring_elements": "0.77461", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01047", "scoring_system": "epss", "scoring_elements": "0.7748", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01047", "scoring_system": "epss", "scoring_elements": "0.77455", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6338" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6338.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6338.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00032.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00032.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6338", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" }, { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6338" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4370", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4370" }, { "reference_url": "https://www.drupal.org/sa-core-2019-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-001" }, { "reference_url": "http://www.securityfocus.com/bid/106706", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106706" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-6rmq-x2hv-vxpp", "reference_id": "GHSA-6rmq-x2hv-vxpp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6rmq-x2hv-vxpp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34662?format=api", "purl": "pkg:composer/drupal/core@8.6.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.6" } ], "aliases": [ "CVE-2019-6338", "GHSA-6rmq-x2hv-vxpp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cucx-jfqf-pkd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32455?format=api", "vulnerability_id": "VCID-cvxp-ctj9-guej", "summary": "Potential XSS vulnerability in jQuery\n### Impact\nPassing HTML containing `<option>` elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code.\n\n### Patches\nThis problem is patched in jQuery 3.5.0.\n\n### Workarounds\nTo workaround this issue without upgrading, use [DOMPurify](https://github.com/cure53/DOMPurify) with its `SAFE_FOR_JQUERY` option to sanitize the HTML string before passing it to a jQuery method.\n\n### References\nhttps://blog.jquery.com/2020/04/10/jquery-3-5-0-released/\n\n### For more information\nIf you have any questions or comments about this advisory, search for a relevant issue in [the jQuery repo](https://github.com/jquery/jquery/issues). If you don't find an answer, open a new issue.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html" }, { "reference_url": "http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11023.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11023.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.36278", "scoring_system": "epss", "scoring_elements": "0.97107", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.36278", "scoring_system": "epss", "scoring_elements": "0.97105", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.36278", "scoring_system": "epss", "scoring_elements": "0.97091", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.36278", "scoring_system": "epss", "scoring_elements": "0.97101", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.36278", "scoring_system": "epss", "scoring_elements": "0.97106", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.36278", "scoring_system": "epss", "scoring_elements": "0.9709", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.36851", "scoring_system": "epss", "scoring_elements": "0.97117", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.36851", "scoring_system": "epss", "scoring_elements": "0.97125", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11023" }, { "reference_url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13662" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json#L20-L37", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json#L20-L37" }, { "reference_url": "https://github.com/jquery/jquery", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery" }, { "reference_url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77" }, { "reference_url": "https://github.com/jquery/jquery/releases/tag/3.5.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery/releases/tag/3.5.0" }, { "reference_url": "https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6" }, { "reference_url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#410", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#410" }, { "reference_url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440" }, { "reference_url": "https://github.com/rails/jquery-rails/blob/v4.3.5/vendor/assets/javascripts/jquery3.js#L5979", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/jquery-rails/blob/v4.3.5/vendor/assets/javascripts/jquery3.js#L5979" }, { "reference_url": "https://github.com/rails/jquery-rails/blob/v4.4.0/vendor/assets/javascripts/jquery3.js#L6162", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/jquery-rails/blob/v4.4.0/vendor/assets/javascripts/jquery3.js#L6162" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11023.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11023.yml" }, { "reference_url": "https://jquery.com/upgrade-guide/3.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jquery.com/upgrade-guide/3.5" }, { "reference_url": "https://jquery.com/upgrade-guide/3.5/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://jquery.com/upgrade-guide/3.5/" }, { "reference_url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3Ccommits.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3Ccommits.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3Ccommits.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3Ccommits.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3Cdev.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3Cdev.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023" }, { "reference_url": "https://security.gentoo.org/glsa/202007-03", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://security.gentoo.org/glsa/202007-03" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200511-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200511-0006" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230725-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230725-0003" }, { "reference_url": "https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-565440", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-565440" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-JQUERY-565129", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-565129" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11023", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11023" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4693", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.debian.org/security/2020/dsa-4693" }, { "reference_url": "https://www.drupal.org/sa-core-2020-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.drupal.org/sa-core-2020-002" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://www.tenable.com/security/tns-2021-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.tenable.com/security/tns-2021-02" }, { "reference_url": "https://www.tenable.com/security/tns-2021-10", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.tenable.com/security/tns-2021-10" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", "reference_id": "1850004", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/", "reference_id": "AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49767.txt", "reference_id": "CVE-2020-11023", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49767.txt" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-23064.yml", "reference_id": "CVE-2020-23064.YML", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-23064.yml" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200511-0006/", "reference_id": "ntap-20200511-0006", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20200511-0006/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/", "reference_id": "QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2412", "reference_id": "RHSA-2020:2412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2813", "reference_id": "RHSA-2020:2813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3247", "reference_id": "RHSA-2020:3247", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3247" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3369", "reference_id": "RHSA-2020:3369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3807", "reference_id": "RHSA-2020:3807", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3807" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4211", "reference_id": "RHSA-2020:4211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4211" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4298", "reference_id": "RHSA-2020:4298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4847", "reference_id": "RHSA-2020:4847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5249", "reference_id": "RHSA-2020:5249", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5249" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5412", "reference_id": "RHSA-2020:5412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0778", "reference_id": "RHSA-2021:0778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0851", "reference_id": "RHSA-2021:0851", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0851" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0860", "reference_id": "RHSA-2021:0860", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1846", "reference_id": "RHSA-2021:1846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4142", "reference_id": "RHSA-2021:4142", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6393", "reference_id": "RHSA-2022:6393", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6393" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7343", "reference_id": "RHSA-2022:7343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0552", "reference_id": "RHSA-2023:0552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0553", "reference_id": "RHSA-2023:0553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0554", "reference_id": "RHSA-2023:0554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0554" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0556", "reference_id": "RHSA-2023:0556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1070", "reference_id": "RHSA-2025:1070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1185", "reference_id": "RHSA-2025:1185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1209", "reference_id": "RHSA-2025:1209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1210", "reference_id": "RHSA-2025:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1211", "reference_id": "RHSA-2025:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1211" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1212", "reference_id": "RHSA-2025:1212", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1212" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1213", "reference_id": "RHSA-2025:1213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1214", "reference_id": "RHSA-2025:1214", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1214" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1215", "reference_id": "RHSA-2025:1215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1216", "reference_id": "RHSA-2025:1216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1217", "reference_id": "RHSA-2025:1217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1247", "reference_id": "RHSA-2025:1247", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1247" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1255", "reference_id": "RHSA-2025:1255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1256", "reference_id": "RHSA-2025:1256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1300", "reference_id": "RHSA-2025:1300", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1300" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1301", "reference_id": "RHSA-2025:1301", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1301" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1303", "reference_id": "RHSA-2025:1303", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1303" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1304", "reference_id": "RHSA-2025:1304", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1304" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1305", "reference_id": "RHSA-2025:1305", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1305" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1306", "reference_id": "RHSA-2025:1306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1306" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1308", "reference_id": "RHSA-2025:1308", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1309", "reference_id": "RHSA-2025:1309", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1310", "reference_id": "RHSA-2025:1310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1311", "reference_id": "RHSA-2025:1311", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1311" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1312", "reference_id": "RHSA-2025:1312", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1312" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1314", "reference_id": "RHSA-2025:1314", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1315", "reference_id": "RHSA-2025:1315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1329", "reference_id": "RHSA-2025:1329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1329" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1338", "reference_id": "RHSA-2025:1338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1342", "reference_id": "RHSA-2025:1342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1346", "reference_id": "RHSA-2025:1346", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1346" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1514", "reference_id": "RHSA-2025:1514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1515", "reference_id": "RHSA-2025:1515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1580", "reference_id": "RHSA-2025:1580", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1580" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1601", "reference_id": "RHSA-2025:1601", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1601" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1983", "reference_id": "RHSA-2025:1983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2426", "reference_id": "RHSA-2025:2426", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2426" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/", "reference_id": "SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/", "reference_id": "SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/" }, { "reference_url": "https://usn.ubuntu.com/7246-1/", "reference_id": "USN-7246-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7246-1/" }, { "reference_url": "https://usn.ubuntu.com/7622-1/", "reference_id": "USN-7622-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7622-1/" }, { "reference_url": "https://usn.ubuntu.com/7658-1/", "reference_id": "USN-7658-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7658-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22050?format=api", "purl": "pkg:composer/drupal/core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-2ctt-zm9j-17bx" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-53h1-sj47-gugn" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-9wt5-xe6d-n3cb" }, { "vulnerability": "VCID-b4yh-gyrx-3yhh" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-cuk6-hskr-yyau" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-en3b-g3f3-a3e3" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-h6yp-zj5e-zkbm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-kwe1-gm4m-tkgf" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mt37-qzh7-gyfv" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s8u8-xbdk-87dj" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-u5wt-ndvn-3ffg" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" }, { "vulnerability": "VCID-xumx-m3zz-jkh6" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zw3u-6ue7-efdf" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/222381?format=api", "purl": "pkg:composer/drupal/core@8.7.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/201523?format=api", "purl": "pkg:composer/drupal/core@8.8.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/222384?format=api", "purl": "pkg:composer/drupal/core@8.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-9qyz-jfgb-5yfs" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-agtf-c53h-2fdx" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mhk6-9qdy-83f3" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-ptxz-rvbt-hqhz" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-rxhd-nkpr-87fm" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/205427?format=api", "purl": "pkg:composer/drupal/core@8.9.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.0-beta1" } ], "aliases": [ "CVE-2020-11023", "GHSA-jpcq-cgw6-v4j6" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cvxp-ctj9-guej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10488?format=api", "vulnerability_id": "VCID-djgn-ezxp-37eu", "summary": "Cross-site Scripting\nUnder certain circumstances the File `module/subsystem` allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6341", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.9764", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.97655", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.97652", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.9765", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.97648", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.97644", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.97642", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.97634", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6341" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6341", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6341" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6341.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6341.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6341.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6341.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00003.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/" }, { "reference_url": "https://www.drupal.org/sa-core-2019-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-004" }, { "reference_url": "https://www.drupal.org/SA-CORE-2019-004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2019-004" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_13", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_13" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6341", "reference_id": "CVE-2019-6341", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6341" }, { "reference_url": "https://github.com/advisories/GHSA-cmmh-8mwp-gq5p", "reference_id": "GHSA-cmmh-8mwp-gq5p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cmmh-8mwp-gq5p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84339?format=api", "purl": "pkg:composer/drupal/core@7.65.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.65.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/22050?format=api", "purl": "pkg:composer/drupal/core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-2ctt-zm9j-17bx" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-53h1-sj47-gugn" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-9wt5-xe6d-n3cb" }, { "vulnerability": "VCID-b4yh-gyrx-3yhh" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-cuk6-hskr-yyau" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-en3b-g3f3-a3e3" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-h6yp-zj5e-zkbm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-kwe1-gm4m-tkgf" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mt37-qzh7-gyfv" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s8u8-xbdk-87dj" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-u5wt-ndvn-3ffg" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" }, { "vulnerability": "VCID-xumx-m3zz-jkh6" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zw3u-6ue7-efdf" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/35600?format=api", "purl": "pkg:composer/drupal/core@8.5.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/35601?format=api", "purl": "pkg:composer/drupal/core@8.6.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.13" } ], "aliases": [ "CVE-2019-6341", "GHSA-cmmh-8mwp-gq5p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-djgn-ezxp-37eu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7354?format=api", "vulnerability_id": "VCID-en3b-g3f3-a3e3", "summary": "Brute force amplification attacks via XML-RPC\nThe XML-RPC system in Drupal might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3163", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74918", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74957", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74967", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74988", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74965", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74953", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.7492", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74946", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74915", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3163.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3163.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3163.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3163.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3163", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3163" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-001" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3498", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3498" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/02/24/19", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/15/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-h3r9-pjmr-f938", "reference_id": "GHSA-h3r9-pjmr-f938", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h3r9-pjmr-f938" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82098?format=api", "purl": "pkg:composer/drupal/core@7.43.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.43.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/22057?format=api", "purl": "pkg:composer/drupal/core@8.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-cuk6-hskr-yyau" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.4" } ], "aliases": [ "CVE-2016-3163", "GHSA-h3r9-pjmr-f938" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-en3b-g3f3-a3e3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8828?format=api", "vulnerability_id": "VCID-g1rp-twzp-63e1", "summary": "Cross-site Scripting\nA jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6929", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00603", "scoring_system": "epss", "scoring_elements": "0.69505", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00603", "scoring_system": "epss", "scoring_elements": "0.69559", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00603", "scoring_system": "epss", "scoring_elements": "0.69573", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00603", "scoring_system": "epss", "scoring_elements": "0.69588", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00603", "scoring_system": "epss", "scoring_elements": "0.69567", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00603", "scoring_system": "epss", "scoring_elements": "0.6955", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00603", "scoring_system": "epss", "scoring_elements": "0.695", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00603", "scoring_system": "epss", "scoring_elements": "0.6952", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00603", "scoring_system": "epss", "scoring_elements": "0.69494", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6929.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6929.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6929.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6929.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6929", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6929" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4123", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4123" }, { "reference_url": "https://www.drupal.org/sa-core-2018-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-001" }, { "reference_url": "https://www.drupal.org/SA-CORE-2018-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2018-001" }, { "reference_url": "https://github.com/advisories/GHSA-5vpr-v24w-mmjj", "reference_id": "GHSA-5vpr-v24w-mmjj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5vpr-v24w-mmjj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82030?format=api", "purl": "pkg:composer/drupal/core@7.57.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.57.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/54634?format=api", "purl": "pkg:composer/drupal/core@8.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-cuk6-hskr-yyau" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" }, { "vulnerability": "VCID-yare-57j9-j7cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/26566?format=api", "purl": "pkg:composer/drupal/core@8.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.5" } ], "aliases": [ "CVE-2017-6929", "GHSA-5vpr-v24w-mmjj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g1rp-twzp-63e1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15382?format=api", "vulnerability_id": "VCID-ga35-289v-vqhr", "summary": "Drupal Core Remote Code Execution Vulnerability\nDrupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7600", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94489", "scoring_system": "epss", "scoring_elements": "1.0", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7600" }, { "reference_url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600" }, { "reference_url": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://greysec.net/showthread.php?tid=2912&pid=10561", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://greysec.net/showthread.php?tid=2912&pid=10561" }, { "reference_url": "https://groups.drupal.org/security/faq-2018-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://groups.drupal.org/security/faq-2018-002" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html" }, { "reference_url": "https://research.checkpoint.com/uncovering-drupalgeddon-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://research.checkpoint.com/uncovering-drupalgeddon-2" }, { "reference_url": "https://twitter.com/arancaytar/status/979090719003627521", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://twitter.com/arancaytar/status/979090719003627521" }, { "reference_url": "https://twitter.com/RicterZ/status/979567469726613504", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://twitter.com/RicterZ/status/979567469726613504" }, { "reference_url": "https://twitter.com/RicterZ/status/984495201354854401", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://twitter.com/RicterZ/status/984495201354854401" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4156", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://www.debian.org/security/2018/dsa-4156" }, { "reference_url": "https://www.drupal.org/sa-core-2018-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://www.drupal.org/sa-core-2018-002" }, { "reference_url": "https://www.exploit-db.com/exploits/44448", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/44448" }, { "reference_url": "https://www.exploit-db.com/exploits/44449", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/44449" }, { "reference_url": "https://www.exploit-db.com/exploits/44482", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/44482" }, { "reference_url": "https://www.synology.com/support/security/Synology_SA_18_17", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://www.synology.com/support/security/Synology_SA_18_17" }, { "reference_url": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know" }, { "reference_url": "http://www.securityfocus.com/bid/103534", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "http://www.securityfocus.com/bid/103534" }, { "reference_url": "http://www.securitytracker.com/id/1040598", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "http://www.securitytracker.com/id/1040598" }, { "reference_url": "https://www.exploit-db.com/exploits/44448/", "reference_id": "44448", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://www.exploit-db.com/exploits/44448/" }, { "reference_url": "https://www.exploit-db.com/exploits/44449/", "reference_id": "44449", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://www.exploit-db.com/exploits/44449/" }, { "reference_url": "https://www.exploit-db.com/exploits/44482/", "reference_id": "44482", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://www.exploit-db.com/exploits/44482/" }, { "reference_url": "https://security.archlinux.org/ASA-201804-1", "reference_id": "ASA-201804-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-1" }, { "reference_url": "https://security.archlinux.org/AVG-665", "reference_id": "AVG-665", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-665" }, { "reference_url": "https://github.com/a2u/CVE-2018-7600", "reference_id": "CVE-2018-7600", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://github.com/a2u/CVE-2018-7600" }, { "reference_url": "https://github.com/a2u/CVE-2018-7600/blob/2c623a6a9ea641119cf7ee75cd344fb32047169b/exploit.py", "reference_id": "CVE-2018-7600", "reference_type": "exploit", "scores": [], "url": "https://github.com/a2u/CVE-2018-7600/blob/2c623a6a9ea641119cf7ee75cd344fb32047169b/exploit.py" }, { "reference_url": "https://github.com/dreadlocked/Drupalgeddon2/blob/16cac1b2336d38642f75eb7b7e2c833b2c3f49b1/drupalgeddon2.rb", "reference_id": "CVE-2018-7600", "reference_type": "exploit", "scores": [], "url": "https://github.com/dreadlocked/Drupalgeddon2/blob/16cac1b2336d38642f75eb7b7e2c833b2c3f49b1/drupalgeddon2.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/44482.rb", "reference_id": "CVE-2018-7600", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/44482.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44448.py", "reference_id": "CVE-2018-7600", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44448.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44449.rb", "reference_id": "CVE-2018-7600", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44449.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7600", "reference_id": "CVE-2018-7600", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7600" }, { "reference_url": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE", "reference_id": "CVE-2018-7600-DRUPAL-RCE", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7600.yaml", "reference_id": "CVE-2018-7600.YAML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7600.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7600.yaml", "reference_id": "CVE-2018-7600.YAML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7600.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-7fh9-933g-885p", "reference_id": "GHSA-7fh9-933g-885p", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7fh9-933g-885p" }, { "reference_url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/", "reference_id": "over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/" }, { "reference_url": "https://research.checkpoint.com/uncovering-drupalgeddon-2/", "reference_id": "uncovering-drupalgeddon-2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://research.checkpoint.com/uncovering-drupalgeddon-2/" }, { "reference_url": "https://usn.ubuntu.com/USN-4773-1/", "reference_id": "USN-USN-4773-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4773-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54635?format=api", "purl": "pkg:composer/drupal/core@7.58.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.58.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/54636?format=api", "purl": "pkg:composer/drupal/core@8.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/54637?format=api", "purl": "pkg:composer/drupal/core@8.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/54638?format=api", "purl": "pkg:composer/drupal/core@8.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.1" } ], "aliases": [ "CVE-2018-7600", "GHSA-7fh9-933g-885p" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ga35-289v-vqhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34557?format=api", "vulnerability_id": "VCID-gbz5-5frj-hber", "summary": "Multiple vulnerabilities through filename manipulation in Archive_Tar\nArchive_Tar through 1.4.10 has `://` filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as `file://` to overwrite files) can still succeed. See: https://github.com/pear/Archive_Tar/issues/33", "references": [ { "reference_url": "http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/" } ], "url": "http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28949.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28949.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28949", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92961", "scoring_system": "epss", "scoring_elements": "0.99776", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.92961", "scoring_system": "epss", "scoring_elements": "0.99778", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.92961", "scoring_system": "epss", "scoring_elements": "0.99777", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28949" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/pear/archive_tar/CVE-2020-28949.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/pear/archive_tar/CVE-2020-28949.yaml" }, { "reference_url": "https://github.com/pear/Archive_Tar", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pear/Archive_Tar" }, { "reference_url": "https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da" }, { "reference_url": "https://github.com/pear/Archive_Tar/issues/33", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/" } ], "url": "https://github.com/pear/Archive_Tar/issues/33" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28949", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28949" }, { "reference_url": "https://security.gentoo.org/glsa/202101-23", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/" } ], "url": "https://security.gentoo.org/glsa/202101-23" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-28949", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-28949" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4817", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/" } ], "url": "https://www.debian.org/security/2020/dsa-4817" }, { "reference_url": "https://www.drupal.org/sa-core-2020-013", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/" } ], "url": "https://www.drupal.org/sa-core-2020-013" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910323", "reference_id": "1910323", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910323" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/", "reference_id": "42GPGVVFTLJYAKRI75IVB5R45NYQGEUR", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/", "reference_id": "4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/", "reference_id": "5KSFM672XW3X6BR7TVKRD63SLZGKK437", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108", "reference_id": "976108", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108" }, { "reference_url": "https://github.com/advisories/GHSA-75c5-f4gw-38r9", "reference_id": "GHSA-75c5-f4gw-38r9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-75c5-f4gw-38r9" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/", "reference_id": "KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/", "reference_id": "NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6541", "reference_id": "RHSA-2022:6541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6542", "reference_id": "RHSA-2022:6542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7340", "reference_id": "RHSA-2022:7340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7340" }, { "reference_url": "https://usn.ubuntu.com/4654-1/", "reference_id": "USN-4654-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4654-1/" }, { "reference_url": "https://usn.ubuntu.com/6981-1/", "reference_id": "USN-6981-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6981-1/" }, { "reference_url": "https://usn.ubuntu.com/6981-2/", "reference_id": "USN-6981-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6981-2/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/", "reference_id": "VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60689?format=api", "purl": "pkg:composer/drupal/core@7.75.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.75.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/60690?format=api", "purl": "pkg:composer/drupal/core@8.8.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/205427?format=api", "purl": "pkg:composer/drupal/core@8.9.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60691?format=api", "purl": "pkg:composer/drupal/core@8.9.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/201526?format=api", "purl": "pkg:composer/drupal/core@9.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60692?format=api", "purl": "pkg:composer/drupal/core@9.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/222401?format=api", "purl": "pkg:composer/drupal/core@9.1.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.0-alpha1" } ], "aliases": [ "CVE-2020-28949", "GHSA-75c5-f4gw-38r9" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gbz5-5frj-hber" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9964?format=api", "vulnerability_id": "VCID-gzcu-sbks-wyfa", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nExternal URL injection through URL aliases in drupal.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32218?format=api", "purl": "pkg:composer/drupal/core@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2" } ], "aliases": [ "2018-10-17-2" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gzcu-sbks-wyfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8836?format=api", "vulnerability_id": "VCID-jnu7-1j9c-dqck", "summary": "JavaScript cross-site scripting prevention is incomplete\nDrupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output is not auto-escaped by either Drupal 7 or Drupal 8). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6927", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80305", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80325", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80297", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.8035", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80356", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80371", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80352", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80341", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80313", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6927.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6927.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6927.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6927.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6927", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6927" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4123", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4123" }, { "reference_url": "https://www.drupal.org/sa-core-2018-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-001" }, { "reference_url": "https://www.drupal.org/SA-CORE-2018-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2018-001" }, { "reference_url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6927", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6927" }, { "reference_url": "http://www.securityfocus.com/bid/103138", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/103138" }, { "reference_url": "https://github.com/advisories/GHSA-585j-5449-mf5m", "reference_id": "GHSA-585j-5449-mf5m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-585j-5449-mf5m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82030?format=api", "purl": "pkg:composer/drupal/core@7.57.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.57.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/26566?format=api", "purl": "pkg:composer/drupal/core@8.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.5" } ], "aliases": [ "CVE-2017-6927", "GHSA-585j-5449-mf5m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jnu7-1j9c-dqck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12878?format=api", "vulnerability_id": "VCID-k1gx-nznx-7qd6", "summary": "Drupal core Cross-site Scripting (XSS) vulnerability\nCross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68347", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68413", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68446", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68458", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68431", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68414", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68363", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68387", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68367", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13672" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2021-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2021-002" }, { "reference_url": "https://security.archlinux.org/AVG-1463", "reference_id": "AVG-1463", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1463" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13672", "reference_id": "CVE-2020-13672", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13672" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml", "reference_id": "CVE-2020-13672.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml", "reference_id": "CVE-2020-13672.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3m36-mjwj-352c", "reference_id": "GHSA-3m36-mjwj-352c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3m36-mjwj-352c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46163?format=api", "purl": "pkg:composer/drupal/core@7.80.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.80.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46164?format=api", "purl": "pkg:composer/drupal/core@8.9.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/46166?format=api", "purl": "pkg:composer/drupal/core@9.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/46167?format=api", "purl": "pkg:composer/drupal/core@9.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.7" } ], "aliases": [ "CVE-2020-13672", "GHSA-3m36-mjwj-352c" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k1gx-nznx-7qd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35087?format=api", "vulnerability_id": "VCID-kc7d-5k6x-77bp", "summary": "Directory Traversal in Archive_Tar\nTar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.\n\n### :exclamation: Note: \nThere was an [initial fix](https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916) for this vulnerability made in version `1.4.12`. That fix introduced a bug which was [fixed in 1.4.13](https://github.com/pear/Archive_Tar/pull/36). Therefore we have set the first-patched-version to `1.4.13` which the earliest working version that avoids this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36193.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36193.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.71148", "scoring_system": "epss", "scoring_elements": "0.9871", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.71148", "scoring_system": "epss", "scoring_elements": "0.98707", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.71148", "scoring_system": "epss", "scoring_elements": "0.98703", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.71148", "scoring_system": "epss", "scoring_elements": "0.987", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.71148", "scoring_system": "epss", "scoring_elements": "0.98699", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.71148", "scoring_system": "epss", "scoring_elements": "0.98711", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36193" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36193", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36193" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/pear/archive_tar/CVE-2020-36193.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/pear/archive_tar/CVE-2020-36193.yaml" }, { "reference_url": "https://github.com/pear/Archive_Tar", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pear/Archive_Tar" }, { "reference_url": "https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/" } ], "url": "https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916" }, { "reference_url": "https://github.com/pear/Archive_Tar/issues/35", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pear/Archive_Tar/issues/35" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00018.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00007.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36193", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36193" }, { "reference_url": "https://security.gentoo.org/glsa/202101-23", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/" } ], "url": "https://security.gentoo.org/glsa/202101-23" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-36193", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-36193" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4894", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/" } ], "url": "https://www.debian.org/security/2021/dsa-4894" }, { "reference_url": "https://www.drupal.org/sa-core-2021-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/" } ], "url": "https://www.drupal.org/sa-core-2021-001" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942961", "reference_id": "1942961", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942961" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/", "reference_id": "42GPGVVFTLJYAKRI75IVB5R45NYQGEUR", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980428", "reference_id": "980428", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980428" }, { "reference_url": "https://security.archlinux.org/ASA-202102-7", "reference_id": "ASA-202102-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-7" }, { "reference_url": "https://security.archlinux.org/AVG-1463", "reference_id": "AVG-1463", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1463" }, { "reference_url": "https://security.archlinux.org/AVG-1464", "reference_id": "AVG-1464", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1464" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2/", "reference_id": "FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2/" }, { "reference_url": "https://github.com/advisories/GHSA-rpw6-9xfx-jvcx", "reference_id": "GHSA-rpw6-9xfx-jvcx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rpw6-9xfx-jvcx" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6541", "reference_id": "RHSA-2022:6541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6542", "reference_id": "RHSA-2022:6542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7340", "reference_id": "RHSA-2022:7340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7340" }, { "reference_url": "https://usn.ubuntu.com/4723-1/", "reference_id": "USN-4723-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4723-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/", "reference_id": "VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH/", "reference_id": "YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/569323?format=api", "purl": "pkg:composer/drupal/core@7.78.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.78.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/283895?format=api", "purl": "pkg:composer/drupal/core@8.9.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/201526?format=api", "purl": "pkg:composer/drupal/core@9.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/283918?format=api", "purl": "pkg:composer/drupal/core@9.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/222401?format=api", "purl": "pkg:composer/drupal/core@9.1.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/283898?format=api", "purl": "pkg:composer/drupal/core@9.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.3" } ], "aliases": [ "CVE-2020-36193", "GHSA-rpw6-9xfx-jvcx" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kc7d-5k6x-77bp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7562?format=api", "vulnerability_id": "VCID-kwe1-gm4m-tkgf", "summary": "URL Redirection to Untrusted Site (Open Redirect)\nConfirmation forms in Drupal make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9451", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30774", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30779", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30909", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30956", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30772", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30831", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30862", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30863", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.3082", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9451" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9451", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9451" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-005" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3718", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3718" }, { "reference_url": "http://www.securityfocus.com/bid/94367", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/94367" }, { "reference_url": "https://security.archlinux.org/AVG-75", "reference_id": "AVG-75", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-75" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9451", "reference_id": "CVE-2016-9451", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9451" }, { "reference_url": "https://github.com/advisories/GHSA-66gr-xrcf-8jpq", "reference_id": "GHSA-66gr-xrcf-8jpq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-66gr-xrcf-8jpq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81927?format=api", "purl": "pkg:composer/drupal/core@7.52.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.52.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/22050?format=api", "purl": "pkg:composer/drupal/core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-2ctt-zm9j-17bx" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-53h1-sj47-gugn" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-9wt5-xe6d-n3cb" }, { "vulnerability": "VCID-b4yh-gyrx-3yhh" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-cuk6-hskr-yyau" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-en3b-g3f3-a3e3" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-h6yp-zj5e-zkbm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-kwe1-gm4m-tkgf" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mt37-qzh7-gyfv" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s8u8-xbdk-87dj" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-u5wt-ndvn-3ffg" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" }, { "vulnerability": "VCID-xumx-m3zz-jkh6" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zw3u-6ue7-efdf" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/23294?format=api", "purl": "pkg:composer/drupal/core@8.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-cuk6-hskr-yyau" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.2.3" } ], "aliases": [ "CVE-2016-9451", "GHSA-66gr-xrcf-8jpq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kwe1-gm4m-tkgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55904?format=api", "vulnerability_id": "VCID-mhk6-9qdy-83f3", "summary": "Drupal Core Cross-site scripting vulnerability\nCross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13666", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66389", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66463", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66495", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66507", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66487", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66474", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66425", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66455", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66428", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13666" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13666.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13666.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13666.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13666.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13666", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13666" }, { "reference_url": "https://www.drupal.org/sa-core-2020-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2020-007" }, { "reference_url": "https://github.com/advisories/GHSA-8jj2-x2gc-ggm7", "reference_id": "GHSA-8jj2-x2gc-ggm7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8jj2-x2gc-ggm7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82807?format=api", "purl": "pkg:composer/drupal/core@7.73.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.73.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46171?format=api", "purl": "pkg:composer/drupal/core@8.8.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/46146?format=api", "purl": "pkg:composer/drupal/core@8.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/46147?format=api", "purl": "pkg:composer/drupal/core@9.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6" } ], "aliases": [ "CVE-2020-13666", "GHSA-8jj2-x2gc-ggm7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mhk6-9qdy-83f3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7356?format=api", "vulnerability_id": "VCID-mt37-qzh7-gyfv", "summary": "Reflected file download vulnerability\nThe System module in Drupal might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3168", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67369", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67446", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.6748", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67493", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67471", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67457", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67405", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67426", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67404", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3168.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3168.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3168.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3168.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3168", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:C/I:C/A:C" }, { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3168" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-001" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3498", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3498" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/02/24/19", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/15/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-qqxc-cppg-4xp8", "reference_id": "GHSA-qqxc-cppg-4xp8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qqxc-cppg-4xp8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82098?format=api", "purl": "pkg:composer/drupal/core@7.43.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.43.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/22057?format=api", "purl": "pkg:composer/drupal/core@8.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-cuk6-hskr-yyau" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.4" } ], "aliases": [ "CVE-2016-3168", "GHSA-qqxc-cppg-4xp8" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mt37-qzh7-gyfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9971?format=api", "vulnerability_id": "VCID-nd8n-5dsu-2fbp", "summary": "Code Injection\nInjection in `DefaultMailSystem::mail()`.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32218?format=api", "purl": "pkg:composer/drupal/core@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2" } ], "aliases": [ "2018-10-17-4" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nd8n-5dsu-2fbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14569?format=api", "vulnerability_id": "VCID-rdgr-yuu7-xkey", "summary": "Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.\n\nThis issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to `unserialize()`. There are no such known exploits in Drupal core.\n\nTo help protect against this potential vulnerability, some additional checks have been added to Drupal core's database code. If you use a third-party database driver, check the release notes for additional configuration steps that may be required in certain cases. \n\nThis issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55638", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05148", "scoring_system": "epss", "scoring_elements": "0.89855", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05148", "scoring_system": "epss", "scoring_elements": "0.89881", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05148", "scoring_system": "epss", "scoring_elements": "0.89888", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05148", "scoring_system": "epss", "scoring_elements": "0.89884", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05148", "scoring_system": "epss", "scoring_elements": "0.89878", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05148", "scoring_system": "epss", "scoring_elements": "0.89861", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05148", "scoring_system": "epss", "scoring_elements": "0.89842", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05148", "scoring_system": "epss", "scoring_elements": "0.8989", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55638" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55638", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55638" }, { "reference_url": "https://www.drupal.org/sa-core-2024-008", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:19:33Z/" } ], "url": "https://www.drupal.org/sa-core-2024-008" }, { "reference_url": "https://github.com/advisories/GHSA-gvf2-2f4g-jqf4", "reference_id": "GHSA-gvf2-2f4g-jqf4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gvf2-2f4g-jqf4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51086?format=api", "purl": "pkg:composer/drupal/core@7.102.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.102.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/51077?format=api", "purl": "pkg:composer/drupal/core@10.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/51083?format=api", "purl": "pkg:composer/drupal/core@10.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9" } ], "aliases": [ "CVE-2024-55638", "GHSA-gvf2-2f4g-jqf4" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rdgr-yuu7-xkey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14777?format=api", "vulnerability_id": "VCID-rhj7-dy7q-jkhw", "summary": "Drupal Core Remote Code Execution Vulnerability\nSome field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94436", "scoring_system": "epss", "scoring_elements": "0.99988", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.94436", "scoring_system": "epss", "scoring_elements": "0.99987", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6340" }, { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6340", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6340" }, { "reference_url": "https://www.drupal.org/sa-core-2019-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "https://www.drupal.org/sa-core-2019-003" }, { "reference_url": "https://www.exploit-db.com/exploits/46452", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46452" }, { "reference_url": "https://www.exploit-db.com/exploits/46452/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "https://www.exploit-db.com/exploits/46452/" }, { "reference_url": "https://www.exploit-db.com/exploits/46459", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46459" }, { "reference_url": "https://www.exploit-db.com/exploits/46459/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "https://www.exploit-db.com/exploits/46459/" }, { "reference_url": "https://www.exploit-db.com/exploits/46510", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46510" }, { "reference_url": "https://www.exploit-db.com/exploits/46510/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "https://www.exploit-db.com/exploits/46510/" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_09", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_09" }, { "reference_url": "http://www.securityfocus.com/bid/107106", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "http://www.securityfocus.com/bid/107106" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46510.rb", "reference_id": "CVE-2019-6340", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46510.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46452.txt", "reference_id": "CVE-2019-6340", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46452.txt" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46459.py", "reference_id": "CVE-2019-6340", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46459.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6340", "reference_id": "CVE-2019-6340", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6340" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/6ff18828c0273b7170469939a49e4b063d561799/modules/exploits/unix/webapp/drupal_restws_unserialize.rb", "reference_id": "CVE-2019-6340", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/6ff18828c0273b7170469939a49e4b063d561799/modules/exploits/unix/webapp/drupal_restws_unserialize.rb" }, { "reference_url": "https://www.ambionics.io/blog/drupal8-rce", "reference_id": "CVE-2019-6340", "reference_type": "exploit", "scores": [], "url": "https://www.ambionics.io/blog/drupal8-rce" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6340.yaml", "reference_id": "CVE-2019-6340.YAML", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6340.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6340.yaml", "reference_id": "CVE-2019-6340.YAML", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6340.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3gx6-h57h-rm27", "reference_id": "GHSA-3gx6-h57h-rm27", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3gx6-h57h-rm27" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51890?format=api", "purl": "pkg:composer/drupal/core@7.62.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.62.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/51892?format=api", "purl": "pkg:composer/drupal/core@8.5.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/51888?format=api", "purl": "pkg:composer/drupal/core@8.6.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.10" } ], "aliases": [ "CVE-2019-6340", "GHSA-3gx6-h57h-rm27" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhj7-dy7q-jkhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46066?format=api", "vulnerability_id": "VCID-s8u8-xbdk-87dj", "summary": "ckeditor4 vulnerable to cross-site scripting\nA cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because `--!>` is mishandled.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33829", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97782", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97806", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97805", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97803", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.978", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97797", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97793", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.9779", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97788", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33829" }, { "reference_url": "https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33829" }, { "reference_url": "https://github.com/ckeditor/ckeditor4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ckeditor/ckeditor4" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2021-33829.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2021-33829.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2021-33829.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2021-33829.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33829", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33829" }, { "reference_url": "https://www.drupal.org/sa-core-2021-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2021-003" }, { "reference_url": "https://www.npmjs.com/package/ckeditor4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/package/ckeditor4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217", "reference_id": "1015217", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217" }, { "reference_url": "https://security.archlinux.org/ASA-202106-35", "reference_id": "ASA-202106-35", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-35" }, { "reference_url": "https://security.archlinux.org/AVG-2069", "reference_id": "AVG-2069", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2069" }, { "reference_url": "https://github.com/advisories/GHSA-rgx6-rjj4-c388", "reference_id": "GHSA-rgx6-rjj4-c388", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rgx6-rjj4-c388" }, { "reference_url": "https://usn.ubuntu.com/5340-1/", "reference_id": "USN-5340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5340-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5340-2/", "reference_id": "USN-USN-5340-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5340-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46163?format=api", "purl": "pkg:composer/drupal/core@7.80.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.80.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/76649?format=api", "purl": "pkg:composer/drupal/core@8.9.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/76650?format=api", "purl": "pkg:composer/drupal/core@9.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/76651?format=api", "purl": "pkg:composer/drupal/core@9.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.9" } ], "aliases": [ "CVE-2021-33829", "GHSA-rgx6-rjj4-c388" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s8u8-xbdk-87dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8830?format=api", "vulnerability_id": "VCID-s9kv-9qfu-gbdq", "summary": "Incorrect Permission Assignment for Critical Resource\nWhen using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6928", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51075", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.5117", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51185", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51207", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51162", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51166", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.5111", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51153", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51129", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6928.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6928.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6928.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6928.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4123", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4123" }, { "reference_url": "https://www.drupal.org/sa-core-2018-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-001" }, { "reference_url": "https://www.drupal.org/SA-CORE-2018-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2018-001" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6928", "reference_id": "CVE-2017-6928", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6928" }, { "reference_url": "https://github.com/advisories/GHSA-66mv-q8r2-hj8w", "reference_id": "GHSA-66mv-q8r2-hj8w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-66mv-q8r2-hj8w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82030?format=api", "purl": "pkg:composer/drupal/core@7.57.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.57.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/22050?format=api", "purl": "pkg:composer/drupal/core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-2ctt-zm9j-17bx" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-53h1-sj47-gugn" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-9wt5-xe6d-n3cb" }, { "vulnerability": "VCID-b4yh-gyrx-3yhh" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-cuk6-hskr-yyau" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-en3b-g3f3-a3e3" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-h6yp-zj5e-zkbm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-kwe1-gm4m-tkgf" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mt37-qzh7-gyfv" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s8u8-xbdk-87dj" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-u5wt-ndvn-3ffg" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" }, { "vulnerability": "VCID-xumx-m3zz-jkh6" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zw3u-6ue7-efdf" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0" } ], "aliases": [ "CVE-2017-6928", "GHSA-66mv-q8r2-hj8w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s9kv-9qfu-gbdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55638?format=api", "vulnerability_id": "VCID-ssyn-dxp9-3kdq", "summary": "Drupal Core Cross-Site Request Forgery (CSRF) vulnerability\nCross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.4453", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44629", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44607", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.4461", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44609", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44638", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44621", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44618", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44567", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13663" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/5f3c4d80fd77df0cfa87722b446db54040d55693", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/5f3c4d80fd77df0cfa87722b446db54040d55693" }, { "reference_url": "https://github.com/drupal/core/commit/bc3235dcb5570bbda62ef9547e7604ee060b72c6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/bc3235dcb5570bbda62ef9547e7604ee060b72c6" }, { "reference_url": "https://github.com/drupal/core/commit/faf3243c4ce03bbaab386af2b272b363fd0dfddb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/faf3243c4ce03bbaab386af2b272b363fd0dfddb" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13663.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13663.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13663.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13663.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13663", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13663" }, { "reference_url": "https://www.drupal.org/sa-core-2020-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2020-004" }, { "reference_url": "https://github.com/advisories/GHSA-m648-hpf8-qcjw", "reference_id": "GHSA-m648-hpf8-qcjw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m648-hpf8-qcjw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82682?format=api", "purl": "pkg:composer/drupal/core@7.72.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.72.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/22050?format=api", "purl": "pkg:composer/drupal/core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-2ctt-zm9j-17bx" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-53h1-sj47-gugn" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-9wt5-xe6d-n3cb" }, { "vulnerability": "VCID-b4yh-gyrx-3yhh" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-cuk6-hskr-yyau" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-en3b-g3f3-a3e3" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-h6yp-zj5e-zkbm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-kwe1-gm4m-tkgf" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mt37-qzh7-gyfv" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s8u8-xbdk-87dj" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-u5wt-ndvn-3ffg" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" }, { "vulnerability": "VCID-xumx-m3zz-jkh6" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zw3u-6ue7-efdf" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/81978?format=api", "purl": "pkg:composer/drupal/core@8.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-9qyz-jfgb-5yfs" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mhk6-9qdy-83f3" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-rxhd-nkpr-87fm" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/81979?format=api", "purl": "pkg:composer/drupal/core@8.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-9qyz-jfgb-5yfs" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mhk6-9qdy-83f3" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-rxhd-nkpr-87fm" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/81980?format=api", "purl": "pkg:composer/drupal/core@9.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-9qyz-jfgb-5yfs" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mhk6-9qdy-83f3" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-rxhd-nkpr-87fm" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.1" } ], "aliases": [ "CVE-2020-13663", "GHSA-m648-hpf8-qcjw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ssyn-dxp9-3kdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22355?format=api", "vulnerability_id": "VCID-syrg-ckq7-cbd6", "summary": "Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13083", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01041", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01045", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04724", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0469", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04677", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04736", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04655", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13083" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2025-008", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:31:33Z/" } ], "url": "https://www.drupal.org/sa-core-2025-008" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13083", "reference_id": "CVE-2025-13083", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13083" }, { "reference_url": "https://github.com/advisories/GHSA-mhpg-hpj5-73r2", "reference_id": "GHSA-mhpg-hpj5-73r2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mhpg-hpj5-73r2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64954?format=api", "purl": "pkg:composer/drupal/core@7.103.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.103.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/64942?format=api", "purl": "pkg:composer/drupal/core@10.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/64943?format=api", "purl": "pkg:composer/drupal/core@10.5.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/64944?format=api", "purl": "pkg:composer/drupal/core@11.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/64945?format=api", "purl": "pkg:composer/drupal/core@11.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8" } ], "aliases": [ "CVE-2025-13083", "GHSA-mhpg-hpj5-73r2" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-syrg-ckq7-cbd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7348?format=api", "vulnerability_id": "VCID-u5wt-ndvn-3ffg", "summary": "Information Exposure\nThe `have you forgotten your password` links in the User module in Drupal allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3170", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65791", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65875", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65905", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65918", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.659", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65871", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.6584", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65889", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65836", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3170" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3170.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3170.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3170.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3170.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3170", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3170" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-001" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3498", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3498" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/02/24/19", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/15/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.39:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.39:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.39:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha10:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha10:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha10:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha11:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha11:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha11:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha12:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha12:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha12:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha13:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha13:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha13:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha14:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha14:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha14:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha15:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha15:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha15:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha8:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha8:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha8:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha9:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha9:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha9:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta10:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta10:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta10:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta11:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta11:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta11:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta12:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta12:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta12:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta13:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta13:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta13:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta14:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta14:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta14:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta15:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta15:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta15:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta16:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta16:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta16:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta9:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta9:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta9:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-pqv4-xgqh-j8vh", "reference_id": "GHSA-pqv4-xgqh-j8vh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pqv4-xgqh-j8vh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82098?format=api", "purl": "pkg:composer/drupal/core@7.43.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.43.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/22057?format=api", "purl": "pkg:composer/drupal/core@8.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-cuk6-hskr-yyau" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.4" } ], "aliases": [ "CVE-2016-3170", "GHSA-pqv4-xgqh-j8vh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u5wt-ndvn-3ffg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35557?format=api", "vulnerability_id": "VCID-v9v6-ae3e-g3hk", "summary": "Deserialization of Untrusted Data in Archive_Tar\nArchive_Tar through 1.4.10 allows an unserialization attack because `phar:` is blocked but `PHAR:` is not blocked. See: https://github.com/pear/Archive_Tar/issues/33", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28948.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28948.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28948", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.76218", "scoring_system": "epss", "scoring_elements": "0.98927", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.76218", "scoring_system": "epss", "scoring_elements": "0.98926", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.76218", "scoring_system": "epss", "scoring_elements": "0.98925", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.76218", "scoring_system": "epss", "scoring_elements": "0.98917", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.76218", "scoring_system": "epss", "scoring_elements": "0.98924", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.76218", "scoring_system": "epss", "scoring_elements": "0.98922", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.76218", "scoring_system": "epss", "scoring_elements": "0.9892", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.76218", "scoring_system": "epss", "scoring_elements": "0.98923", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28948" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949" }, { "reference_url": "https://github.com/pear/Archive_Tar", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pear/Archive_Tar" }, { "reference_url": "https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da" }, { "reference_url": "https://github.com/pear/Archive_Tar/issues/33", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pear/Archive_Tar/issues/33" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28948", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28948" }, { "reference_url": "https://security.gentoo.org/glsa/202101-23", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202101-23" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4817", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4817" }, { "reference_url": "https://www.drupal.org/sa-core-2020-013", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2020-013" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904001", "reference_id": "1904001", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904001" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108", "reference_id": "976108", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108" }, { "reference_url": "https://github.com/advisories/GHSA-jh5x-hfhg-78jq", "reference_id": "GHSA-jh5x-hfhg-78jq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jh5x-hfhg-78jq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6541", "reference_id": "RHSA-2022:6541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6542", "reference_id": "RHSA-2022:6542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7340", "reference_id": "RHSA-2022:7340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7340" }, { "reference_url": "https://usn.ubuntu.com/4654-1/", "reference_id": "USN-4654-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4654-1/" }, { "reference_url": "https://usn.ubuntu.com/6981-1/", "reference_id": "USN-6981-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6981-1/" }, { "reference_url": "https://usn.ubuntu.com/6981-2/", "reference_id": "USN-6981-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6981-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60691?format=api", "purl": "pkg:composer/drupal/core@8.9.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/201526?format=api", "purl": "pkg:composer/drupal/core@9.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60692?format=api", "purl": "pkg:composer/drupal/core@9.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/222401?format=api", "purl": "pkg:composer/drupal/core@9.1.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.0-alpha1" } ], "aliases": [ "CVE-2020-28948", "GHSA-jh5x-hfhg-78jq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v9v6-ae3e-g3hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55970?format=api", "vulnerability_id": "VCID-vura-3gnb-rybs", "summary": "Drupal Core Open Redirect vulnerability\nOpen Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal Core 7 version 7.70 and prior versions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13662", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71045", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71093", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.7111", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71124", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71101", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71088", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71046", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71071", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71054", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13662" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13662" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13662.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13662.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13662.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13662.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13662", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13662" }, { "reference_url": "https://www.drupal.org/sa-core-2020-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2020-003" }, { "reference_url": "https://github.com/advisories/GHSA-gjqg-9rhv-qj67", "reference_id": "GHSA-gjqg-9rhv-qj67", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gjqg-9rhv-qj67" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60429?format=api", "purl": "pkg:composer/drupal/core@7.70.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vura-3gnb-rybs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.70.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/22050?format=api", "purl": "pkg:composer/drupal/core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-2ctt-zm9j-17bx" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-53h1-sj47-gugn" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-9wt5-xe6d-n3cb" }, { "vulnerability": "VCID-b4yh-gyrx-3yhh" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-cuk6-hskr-yyau" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-en3b-g3f3-a3e3" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-h6yp-zj5e-zkbm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-kwe1-gm4m-tkgf" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mt37-qzh7-gyfv" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s8u8-xbdk-87dj" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-u5wt-ndvn-3ffg" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" }, { "vulnerability": "VCID-xumx-m3zz-jkh6" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zw3u-6ue7-efdf" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0" } ], "aliases": [ "CVE-2020-13662", "GHSA-gjqg-9rhv-qj67" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vura-3gnb-rybs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19389?format=api", "vulnerability_id": "VCID-wabj-ty5p-pfd6", "summary": "Drupal core Remote Code Execution\nIn Drupal core, when sending email some variables were not being sanitized for shell arguments in `DefaultMailSystem::mail()`, which could lead to remote code execution.", "references": [ { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2018-10-17-4.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2018-10-17-4.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-006" }, { "reference_url": "https://github.com/advisories/GHSA-6mgp-v5cm-ghg5", "reference_id": "GHSA-6mgp-v5cm-ghg5", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6mgp-v5cm-ghg5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60487?format=api", "purl": "pkg:composer/drupal/core@7.60.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.60.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/60240?format=api", "purl": "pkg:composer/drupal/core@8.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/32218?format=api", "purl": "pkg:composer/drupal/core@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2" } ], "aliases": [ "GHSA-6mgp-v5cm-ghg5" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wabj-ty5p-pfd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7347?format=api", "vulnerability_id": "VCID-we42-mkyk-hfer", "summary": "Saving user accounts can sometimes grant the user all roles\nThe User module in Drupal allows remote attackers to gain privileges by leveraging contributed or custom code that calls the `user_save` function with an explicit category and loads all roles into the array.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01016", "scoring_system": "epss", "scoring_elements": "0.77105", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01016", "scoring_system": "epss", "scoring_elements": "0.77166", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01016", "scoring_system": "epss", "scoring_elements": "0.77171", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01016", "scoring_system": "epss", "scoring_elements": "0.77192", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01016", "scoring_system": "epss", "scoring_elements": "0.77164", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01016", "scoring_system": "epss", "scoring_elements": "0.77155", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01016", "scoring_system": "epss", "scoring_elements": "0.77123", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01016", "scoring_system": "epss", "scoring_elements": "0.7714", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01016", "scoring_system": "epss", "scoring_elements": "0.77111", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3169.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3169.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3169.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3169.yaml" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-001" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3498", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3498" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/02/24/19", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/15/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3169", "reference_id": "CVE-2016-3169", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3169" }, { "reference_url": "https://github.com/advisories/GHSA-q3p9-8728-wq7x", "reference_id": "GHSA-q3p9-8728-wq7x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q3p9-8728-wq7x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82098?format=api", "purl": "pkg:composer/drupal/core@7.43.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.43.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/22050?format=api", "purl": "pkg:composer/drupal/core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-2ctt-zm9j-17bx" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-53h1-sj47-gugn" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-9wt5-xe6d-n3cb" }, { "vulnerability": "VCID-b4yh-gyrx-3yhh" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-cuk6-hskr-yyau" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-en3b-g3f3-a3e3" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-h6yp-zj5e-zkbm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-kwe1-gm4m-tkgf" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mt37-qzh7-gyfv" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s8u8-xbdk-87dj" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-u5wt-ndvn-3ffg" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" }, { "vulnerability": "VCID-xumx-m3zz-jkh6" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zw3u-6ue7-efdf" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0" } ], "aliases": [ "CVE-2016-3169", "GHSA-q3p9-8728-wq7x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-we42-mkyk-hfer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12831?format=api", "vulnerability_id": "VCID-wwvq-399y-rfhc", "summary": "Drupal Core Remote Code Execution Vulnerability\nA remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7602", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94385", "scoring_system": "epss", "scoring_elements": "0.9997", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7602" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7602", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7602" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7602.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7602.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7602.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7602.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7602", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7602" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7602", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7602" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4180", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/" } ], "url": "https://www.debian.org/security/2018/dsa-4180" }, { "reference_url": "https://www.drupal.org/sa-core-2018-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/" } ], "url": "https://www.drupal.org/sa-core-2018-004" }, { "reference_url": "https://www.exploit-db.com/exploits/44542", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/44542" }, { "reference_url": "https://www.exploit-db.com/exploits/44542/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/" } ], "url": "https://www.exploit-db.com/exploits/44542/" }, { "reference_url": "https://www.exploit-db.com/exploits/44557", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/44557" }, { "reference_url": "https://www.exploit-db.com/exploits/44557/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/" } ], "url": "https://www.exploit-db.com/exploits/44557/" }, { "reference_url": "http://www.securityfocus.com/bid/103985", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/" } ], "url": "http://www.securityfocus.com/bid/103985" }, { "reference_url": "http://www.securitytracker.com/id/1040754", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/" } ], "url": "http://www.securitytracker.com/id/1040754" }, { "reference_url": "https://security.archlinux.org/ASA-201804-10", "reference_id": "ASA-201804-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-10" }, { "reference_url": "https://security.archlinux.org/AVG-679", "reference_id": "AVG-679", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-679" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44557.rb", "reference_id": "CVE-2018-7602", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44557.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44542.txt", "reference_id": "CVE-2018-7602;SA-CORE-2018-004", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44542.txt" }, { "reference_url": "https://pastebin.com/pRM8nmwj", "reference_id": "CVE-2018-7602;SA-CORE-2018-004", "reference_type": "exploit", "scores": [], "url": "https://pastebin.com/pRM8nmwj" }, { "reference_url": "https://github.com/advisories/GHSA-297x-j9pm-xjgg", "reference_id": "GHSA-297x-j9pm-xjgg", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-297x-j9pm-xjgg" }, { "reference_url": "https://usn.ubuntu.com/USN-4773-1/", "reference_id": "USN-USN-4773-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4773-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46011?format=api", "purl": "pkg:composer/drupal/core@7.59.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.59.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46012?format=api", "purl": "pkg:composer/drupal/core@8.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/46013?format=api", "purl": "pkg:composer/drupal/core@8.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.3" } ], "aliases": [ "CVE-2018-7602", "GHSA-297x-j9pm-xjgg" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wwvq-399y-rfhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19393?format=api", "vulnerability_id": "VCID-wzgs-fr3u-cbdn", "summary": "Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar\nThe Drupal project uses the third-party library [Archive_Tar](https://pear.php.net/package/Archive_Tar/), which has released a security improvement that is needed to protect some Drupal configurations.\n\nMultiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them.\n\nThe latest versions of Drupal update Archive_Tar to 1.4.9 to mitigate the file processing vulnerabilities.", "references": [ { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2019-12-18-4.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2019-12-18-4.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2019-012", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-012" }, { "reference_url": "https://github.com/advisories/GHSA-98h9-727m-44qv", "reference_id": "GHSA-98h9-727m-44qv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-98h9-727m-44qv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60489?format=api", "purl": "pkg:composer/drupal/core@7.69.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.69.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/59955?format=api", "purl": "pkg:composer/drupal/core@8.7.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-5618-53yg-8qh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-cvxp-ctj9-guej" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nj3a-eb59-jygs" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/59956?format=api", "purl": "pkg:composer/drupal/core@8.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-5618-53yg-8qh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-9qyz-jfgb-5yfs" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-agtf-c53h-2fdx" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-cvxp-ctj9-guej" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mhk6-9qdy-83f3" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nj3a-eb59-jygs" }, { "vulnerability": "VCID-ptxz-rvbt-hqhz" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-rxhd-nkpr-87fm" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.1" } ], "aliases": [ "GHSA-98h9-727m-44qv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wzgs-fr3u-cbdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8834?format=api", "vulnerability_id": "VCID-yare-57j9-j7cs", "summary": "URL Redirection to Untrusted Site (Open Redirect)\nDrupal core has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6932", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.595", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59614", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59634", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.5965", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59631", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59618", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59567", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59598", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59573", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6932.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6932.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6932.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6932.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6932", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6932" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4123", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4123" }, { "reference_url": "https://www.drupal.org/sa-core-2018-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-001" }, { "reference_url": "https://www.drupal.org/SA-CORE-2018-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2018-001" }, { "reference_url": "https://github.com/advisories/GHSA-wm86-w3cf-h6vm", "reference_id": "GHSA-wm86-w3cf-h6vm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wm86-w3cf-h6vm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82030?format=api", "purl": "pkg:composer/drupal/core@7.57.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.57.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/26566?format=api", "purl": "pkg:composer/drupal/core@8.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.5" } ], "aliases": [ "CVE-2017-6932", "GHSA-wm86-w3cf-h6vm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yare-57j9-j7cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7557?format=api", "vulnerability_id": "VCID-yrzt-3m97-53ce", "summary": "Unprivileged access to taxonomy terms\nModules wishing to restrict access to taxonomy terms may be incompatible with queries generated both by Drupal core as well as those generated by contributed modules like Entity Reference. As a result, information on taxonomy terms may be disclosed to unprivileged users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9449", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44037", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44011", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44027", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44045", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.4406", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.43989", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44042", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.43991", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9451", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9451" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9449.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9449.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9449.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9449.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9449", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9449" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-005" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3718", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3718" }, { "reference_url": "http://www.securityfocus.com/bid/94367", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/94367" }, { "reference_url": "https://security.archlinux.org/ASA-201611-20", "reference_id": "ASA-201611-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-20" }, { "reference_url": "https://security.archlinux.org/AVG-74", "reference_id": "AVG-74", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-74" }, { "reference_url": "https://github.com/advisories/GHSA-p745-347h-hjfw", "reference_id": "GHSA-p745-347h-hjfw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p745-347h-hjfw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81927?format=api", "purl": "pkg:composer/drupal/core@7.52.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.52.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/23294?format=api", "purl": "pkg:composer/drupal/core@8.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-cuk6-hskr-yyau" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.2.3" } ], "aliases": [ "CVE-2016-9449", "GHSA-p745-347h-hjfw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yrzt-3m97-53ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12929?format=api", "vulnerability_id": "VCID-zw3u-6ue7-efdf", "summary": "Improper Input Validation\nDrupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25271", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57855", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57829", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.5785", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57872", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57804", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57825", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57799", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57854", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25271" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/" }, { "reference_url": "https://www.drupal.org/sa-core-2022-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2022-003" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25271", "reference_id": "CVE-2022-25271", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25271" }, { "reference_url": "https://github.com/advisories/GHSA-fmfv-x8mp-5767", "reference_id": "GHSA-fmfv-x8mp-5767", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fmfv-x8mp-5767" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80526?format=api", "purl": "pkg:composer/drupal/core@7.88.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.88.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/22050?format=api", "purl": "pkg:composer/drupal/core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-2ctt-zm9j-17bx" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-53h1-sj47-gugn" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-9wt5-xe6d-n3cb" }, { "vulnerability": "VCID-b4yh-gyrx-3yhh" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-cuk6-hskr-yyau" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-en3b-g3f3-a3e3" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-h6yp-zj5e-zkbm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-kwe1-gm4m-tkgf" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mt37-qzh7-gyfv" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s8u8-xbdk-87dj" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-u5wt-ndvn-3ffg" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" }, { "vulnerability": "VCID-xumx-m3zz-jkh6" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zw3u-6ue7-efdf" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46316?format=api", "purl": "pkg:composer/drupal/core@9.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/46317?format=api", "purl": "pkg:composer/drupal/core@9.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-1qgc-gjdn-9fhk" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q15j-f7qd-2kdg" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.6" } ], "aliases": [ "CVE-2022-25271", "GHSA-fmfv-x8mp-5767" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zw3u-6ue7-efdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7502?format=api", "vulnerability_id": "VCID-zxqc-67jp-uba7", "summary": "Saving user accounts can sometimes grant the user all roles\nThe User module in Drupal allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6211", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.7825", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.78299", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.78304", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.78321", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.78295", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.78289", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.78263", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.78281", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.78242", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6211" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-6211.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-6211.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-6211.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-6211.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6211", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6211" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-002" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3604", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3604" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/07/13/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/07/13/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/07/13/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/07/13/7" }, { "reference_url": "http://www.securityfocus.com/bid/91230", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/91230" }, { "reference_url": "https://github.com/advisories/GHSA-frqf-9qr4-6vxf", "reference_id": "GHSA-frqf-9qr4-6vxf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-frqf-9qr4-6vxf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23302?format=api", "purl": "pkg:composer/drupal/core@7.44.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kwe1-gm4m-tkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.44.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/22707?format=api", "purl": "pkg:composer/drupal/core@8.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-3sr6-86jw-6fb9" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5kh7-v1uc-wfha" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-77zc-1gc8-r7b7" }, { "vulnerability": "VCID-7fs3-gwc7-nkes" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9ss3-mvt3-8bem" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-bkxp-gn34-67av" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-cuk6-hskr-yyau" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-dqf8-ea9f-yber" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-fwbj-ctxz-2bc6" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-jrb8-jnz4-83c8" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-kdnk-7mz5-7ugf" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-qvbt-7e55-4bg4" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-st6v-ch5g-r7h2" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-ummk-h11z-bkaj" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w6cz-mg4v-3udj" }, { "vulnerability": "VCID-wabj-ty5p-pfd6" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-wzgs-fr3u-cbdn" }, { "vulnerability": "VCID-x2as-f9fx-9kff" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zvtp-4we3-qygx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.1.0" } ], "aliases": [ "CVE-2016-6211", "GHSA-frqf-9qr4-6vxf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxqc-67jp-uba7" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.0.0" }