Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/22063?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/22063?format=api", "purl": "pkg:composer/drupal/drupal@8.0.0", "type": "composer", "namespace": "drupal", "name": "drupal", "version": "8.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "10.2.11", "latest_non_vulnerable_version": "11.0.8", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10221?format=api", "vulnerability_id": "VCID-1922-fwnz-wkbt", "summary": "Improper Privilege Management\nWhen using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module enabled, the comment entity REST resource enabled, and where an attacker can access a user account on the site with permissions to post comments, or where anonymous users can post comments.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6924", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00488", "scoring_system": "epss", "scoring_elements": "0.65375", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00488", "scoring_system": "epss", "scoring_elements": "0.65457", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00488", "scoring_system": "epss", "scoring_elements": "0.65484", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00488", "scoring_system": "epss", "scoring_elements": "0.65498", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00488", "scoring_system": "epss", "scoring_elements": "0.65479", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00488", "scoring_system": "epss", "scoring_elements": "0.65468", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00488", "scoring_system": "epss", "scoring_elements": "0.65415", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00488", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00488", "scoring_system": "epss", "scoring_elements": "0.65424", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6924" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6924.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6924.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6924.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6924.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6924", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" }, { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6924" }, { "reference_url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple" }, { "reference_url": "https://www.drupal.org/SA-CORE-2017-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2017-004" }, { "reference_url": "http://www.securityfocus.com/bid/100368", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/100368" }, { "reference_url": "http://www.securitytracker.com/id/1039200", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1039200" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-p8g6-5mg7-9r5q", "reference_id": "GHSA-p8g6-5mg7-9r5q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p8g6-5mg7-9r5q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24099?format=api", "purl": "pkg:composer/drupal/drupal@8.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/78755?format=api", "purl": "pkg:composer/drupal/drupal@8.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-yare-57j9-j7cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.7" } ], "aliases": [ "CVE-2017-6924", "GHSA-p8g6-5mg7-9r5q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1922-fwnz-wkbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7355?format=api", "vulnerability_id": "VCID-2ctt-zm9j-17bx", "summary": "Session data truncation can lead to unserialization of user provided data\nDrupal might allow remote attackers to execute arbitrary code via vectors related to session data truncation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3171", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08219", "scoring_system": "epss", "scoring_elements": "0.92178", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.08219", "scoring_system": "epss", "scoring_elements": "0.92212", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.08219", "scoring_system": "epss", "scoring_elements": "0.92215", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.08219", "scoring_system": "epss", "scoring_elements": "0.92214", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.08219", "scoring_system": "epss", "scoring_elements": "0.92209", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.08219", "scoring_system": "epss", "scoring_elements": "0.92191", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.08219", "scoring_system": "epss", "scoring_elements": "0.92185", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.08219", "scoring_system": "epss", "scoring_elements": "0.92206", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.08219", "scoring_system": "epss", "scoring_elements": "0.92194", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3171" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3171.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3171.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3171.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3171.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3171", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3171" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-001" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3498", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3498" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/02/24/19", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/15/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.5.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-69g8-g9jq-74v7", "reference_id": "GHSA-69g8-g9jq-74v7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-69g8-g9jq-74v7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22065?format=api", "purl": "pkg:composer/drupal/drupal@8.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.4" } ], "aliases": [ "CVE-2016-3171", "GHSA-69g8-g9jq-74v7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ctt-zm9j-17bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10639?format=api", "vulnerability_id": "VCID-349d-w26k-mqfw", "summary": "Moderately critical - Third-party libraries - SA-CORE-2019-007\nThe `PharStreamWrapper` (aka `phar-stream-wrapper`) package does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a `phar:///path/bad.phar/../good.phar` URL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11831", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09656", "scoring_system": "epss", "scoring_elements": "0.92901", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09656", "scoring_system": "epss", "scoring_elements": "0.929", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.09656", "scoring_system": "epss", "scoring_elements": "0.92902", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.09656", "scoring_system": "epss", "scoring_elements": "0.92897", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10327", "scoring_system": "epss", "scoring_elements": "0.93164", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10327", "scoring_system": "epss", "scoring_elements": "0.93155", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10327", "scoring_system": "epss", "scoring_elements": "0.93175", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10327", "scoring_system": "epss", "scoring_elements": "0.93167", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10327", "scoring_system": "epss", "scoring_elements": "0.93168", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11831" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-11831.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-11831.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-11831.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-11831.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/phar-stream-wrapper/CVE-2019-11831.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/phar-stream-wrapper/CVE-2019-11831.yaml" }, { "reference_url": "https://github.com/TYPO3/phar-stream-wrapper", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/phar-stream-wrapper" }, { "reference_url": "https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1" }, { "reference_url": "https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/" }, { "reference_url": "https://seclists.org/bugtraq/2019/May/36", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/May/36" }, { "reference_url": "https://typo3.org/security/advisory/typo3-psa-2019-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-psa-2019-007" }, { "reference_url": "https://typo3.org/security/advisory/typo3-psa-2019-007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-psa-2019-007/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4445", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4445" }, { "reference_url": "https://www.drupal.org/sa-core-2019-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-007" }, { "reference_url": "https://www.drupal.org/SA-CORE-2019-007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2019-007" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_22", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_22" }, { "reference_url": "http://www.securityfocus.com/bid/108302", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/108302" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11831", "reference_id": "CVE-2019-11831", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11831" }, { "reference_url": "https://github.com/advisories/GHSA-xv7v-rf6g-xwrc", "reference_id": "GHSA-xv7v-rf6g-xwrc", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xv7v-rf6g-xwrc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36447?format=api", "purl": "pkg:composer/drupal/drupal@8.6.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/36448?format=api", "purl": "pkg:composer/drupal/drupal@8.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5618-53yg-8qh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cvxp-ctj9-guej" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nj3a-eb59-jygs" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.1" } ], "aliases": [ "CVE-2019-11831", "GHSA-xv7v-rf6g-xwrc" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-349d-w26k-mqfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7504?format=api", "vulnerability_id": "VCID-381m-cmnk-ykef", "summary": "Information Exposure\nThe Views module in Drupal and the Views module might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6212", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67474", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67515", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67548", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67561", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67539", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67525", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67473", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67495", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67438", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6212" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-6212.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-6212.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-6212.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-6212.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6212", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6212" }, { "reference_url": "https://www.drupal.org/node/2749333", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/node/2749333" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-002" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/07/13/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/07/13/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/07/13/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/07/13/7" }, { "reference_url": "http://www.securityfocus.com/bid/91230", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/91230" }, { "reference_url": "https://github.com/advisories/GHSA-rfxx-gxwc-923c", "reference_id": "GHSA-rfxx-gxwc-923c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rfxx-gxwc-923c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22693?format=api", "purl": "pkg:composer/drupal/drupal@8.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zvtp-4we3-qygx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/81771?format=api", "purl": "pkg:composer/drupal/drupal@8.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zvtp-4we3-qygx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.3" } ], "aliases": [ "CVE-2016-6212", "GHSA-rfxx-gxwc-923c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-381m-cmnk-ykef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10233?format=api", "vulnerability_id": "VCID-3fka-y25d-m7a3", "summary": "Improper Input Validation\nA remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted `phar://` URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6339", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.76091", "scoring_system": "epss", "scoring_elements": "0.98913", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.76091", "scoring_system": "epss", "scoring_elements": "0.98921", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.76091", "scoring_system": "epss", "scoring_elements": "0.9892", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.76091", "scoring_system": "epss", "scoring_elements": "0.98918", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.76091", "scoring_system": "epss", "scoring_elements": "0.98919", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.76091", "scoring_system": "epss", "scoring_elements": "0.98917", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.76091", "scoring_system": "epss", "scoring_elements": "0.98912", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.76091", "scoring_system": "epss", "scoring_elements": "0.98915", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6339" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6339.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6339.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6339.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6339.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00004.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6339", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6339" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4370", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4370" }, { "reference_url": "https://www.drupal.org/sa-core-2019-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-002" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-8cw5-rv98-5c46", "reference_id": "GHSA-8cw5-rv98-5c46", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8cw5-rv98-5c46" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78855?format=api", "purl": "pkg:composer/drupal/drupal@8.5.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/34658?format=api", "purl": "pkg:composer/drupal/drupal@8.6.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.6" } ], "aliases": [ "CVE-2019-6339", "GHSA-8cw5-rv98-5c46" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3fka-y25d-m7a3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10242?format=api", "vulnerability_id": "VCID-3hf4-tvxn-zyh4", "summary": "Files uploaded by anonymous users accessed by other users\nPrivate files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core does not provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.82674", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.8274", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.82744", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.82749", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.82732", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.82726", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.827", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.82704", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.8269", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6922" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6922.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6922.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6922.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6922.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6922", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6922" }, { "reference_url": "https://www.debian.org/security/2017/dsa-3897", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2017/dsa-3897" }, { "reference_url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple" }, { "reference_url": "https://www.drupal.org/SA-CORE-2017-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2017-003" }, { "reference_url": "http://www.securityfocus.com/bid/99219", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/99219" }, { "reference_url": "http://www.securitytracker.com/id/1038781", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1038781" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-58f3-cx8p-h8jg", "reference_id": "GHSA-58f3-cx8p-h8jg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-58f3-cx8p-h8jg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29923?format=api", "purl": "pkg:composer/drupal/drupal@8.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-yare-57j9-j7cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.4" } ], "aliases": [ "CVE-2017-6922", "GHSA-58f3-cx8p-h8jg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3hf4-tvxn-zyh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8826?format=api", "vulnerability_id": "VCID-48ut-ykkc-83fx", "summary": "Comment reply form allows access to restricted content\nUsers with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the attacker must have permission to post comments.", "references": [ { "reference_url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6926", "reference_id": "", "reference_type": "", "scores": [], "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6926" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6926", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58547", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58437", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58522", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58542", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58512", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58564", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58571", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58587", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58567", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6926" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6926.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6926.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6926.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6926.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6926", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6926" }, { "reference_url": "https://www.drupal.org/sa-core-2018-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-001" }, { "reference_url": "https://www.drupal.org/SA-CORE-2018-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2018-001" }, { "reference_url": "https://github.com/advisories/GHSA-2p28-5mvp-2j2r", "reference_id": "GHSA-2p28-5mvp-2j2r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2p28-5mvp-2j2r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26565?format=api", "purl": "pkg:composer/drupal/drupal@8.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5" } ], "aliases": [ "CVE-2017-6926", "GHSA-2p28-5mvp-2j2r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-48ut-ykkc-83fx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8983?format=api", "vulnerability_id": "VCID-4aer-46u2-23f6", "summary": "Cross-site Scripting\nCross-site scripting (XSS) vulnerability in the Enhanced Image plugin for CKEditor.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9861", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.5884", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58802", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58821", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58698", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58794", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58763", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58815", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58822", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9861" }, { "reference_url": "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-9861.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-9861.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-9861.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-9861.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2018-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-003" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "http://www.securityfocus.com/bid/103924", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/103924" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ckeditor:enhanced_image:*:*:*:*:*:ckeditor:*:*", "reference_id": "cpe:2.3:a:ckeditor:enhanced_image:*:*:*:*:*:ckeditor:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ckeditor:enhanced_image:*:*:*:*:*:ckeditor:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9861", "reference_id": "CVE-2018-9861", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9861" }, { "reference_url": "https://github.com/advisories/GHSA-g78h-pf65-46rv", "reference_id": "GHSA-g78h-pf65-46rv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g78h-pf65-46rv" }, { "reference_url": "https://usn.ubuntu.com/5340-1/", "reference_id": "USN-5340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5340-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5340-2/", "reference_id": "USN-USN-5340-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5340-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26993?format=api", "purl": "pkg:composer/drupal/drupal@8.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/26995?format=api", "purl": "pkg:composer/drupal/drupal@8.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.2" } ], "aliases": [ "CVE-2018-9861", "GHSA-g78h-pf65-46rv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4aer-46u2-23f6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7519?format=api", "vulnerability_id": "VCID-4wwt-vt76-dbe1", "summary": "Cross-site Scripting in HTTP exceptions\nAn attacker can create a specially crafted url, which can execute arbitrary code in the victim’s browser if loaded. Drupal is not properly sanitizing an exception.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7571", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.6002", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60045", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.59943", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60068", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60085", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.601", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60079", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60065", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60015", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7571" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7571.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7571.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7571.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7571.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7571", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7571" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-004" }, { "reference_url": "http://www.securityfocus.com/bid/93101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/93101" }, { "reference_url": "http://www.securitytracker.com/id/1036886", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1036886" }, { "reference_url": "https://github.com/advisories/GHSA-vhg8-x858-7wq6", "reference_id": "GHSA-vhg8-x858-7wq6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vhg8-x858-7wq6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23190?format=api", "purl": "pkg:composer/drupal/drupal@8.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.10" } ], "aliases": [ "CVE-2016-7571", "GHSA-vhg8-x858-7wq6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4wwt-vt76-dbe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7353?format=api", "vulnerability_id": "VCID-53h1-sj47-gugn", "summary": "Improper Access Control\nThe File module in Drupal allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52637", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52734", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.5275", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52766", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52716", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52722", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52671", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52706", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.5268", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3162.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3162.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3162.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3162.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3162", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3162" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-001" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3498", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3498" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/02/24/19", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/15/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-w2pj-c8x5-jvg2", "reference_id": "GHSA-w2pj-c8x5-jvg2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w2pj-c8x5-jvg2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22065?format=api", "purl": "pkg:composer/drupal/drupal@8.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.4" } ], "aliases": [ "CVE-2016-3162", "GHSA-w2pj-c8x5-jvg2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53h1-sj47-gugn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10460?format=api", "vulnerability_id": "VCID-565p-mgqe-gkfc", "summary": "Cross-site Scripting vulnerability in drupal.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2019-004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2019-004" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35387?format=api", "purl": "pkg:composer/drupal/drupal@8.6.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.12" } ], "aliases": [ "2019-03-20" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-565p-mgqe-gkfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19508?format=api", "vulnerability_id": "VCID-5tqs-qmqn-gug5", "summary": "Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution\nThe Contextual Links module doesn't sufficiently validate the requested contextual links.\nThis vulnerability is mitigated by the fact that an attacker must have a role with the permission \"access contextual links\".", "references": [ { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-5.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-5.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-006" }, { "reference_url": "https://github.com/advisories/GHSA-jjx7-8462-w4m4", "reference_id": "GHSA-jjx7-8462-w4m4", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jjx7-8462-w4m4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59990?format=api", "purl": "pkg:composer/drupal/drupal@8.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/32217?format=api", "purl": "pkg:composer/drupal/drupal@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2" } ], "aliases": [ "GHSA-jjx7-8462-w4m4" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5tqs-qmqn-gug5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10652?format=api", "vulnerability_id": "VCID-636u-5bdw-puh4", "summary": "Cross-site Scripting\nIn Symfony, validation messages are not escaped, which can lead to XSS when user input is included.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10909", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58747", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58776", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58814", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58795", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58788", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58736", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58768", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58663", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml" }, { "reference_url": "https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2" }, { "reference_url": "https://www.drupal.org/sa-core-2019-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-005" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_19", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10909", "reference_id": "CVE-2019-10909", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10909" }, { "reference_url": "https://symfony.com/cve-2019-10909", "reference_id": "CVE-2019-10909", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2019-10909" }, { "reference_url": "https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine", "reference_id": "CVE-2019-10909-ESCAPE-VALIDATION-MESSAGES-IN-THE-PHP-TEMPLATING-ENGINE", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine" }, { "reference_url": "https://github.com/advisories/GHSA-g996-q5r8-w7g2", "reference_id": "GHSA-g996-q5r8-w7g2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g996-q5r8-w7g2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36482?format=api", "purl": "pkg:composer/drupal/drupal@8.5.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/36483?format=api", "purl": "pkg:composer/drupal/drupal@8.6.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.15" } ], "aliases": [ "CVE-2019-10909", "GHSA-g996-q5r8-w7g2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-636u-5bdw-puh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17391?format=api", "vulnerability_id": "VCID-6ck5-9e5b-w3ay", "summary": "Improper access control\nIn some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the \"private\" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25275", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59084", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59071", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59107", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59144", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59126", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59123", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25275" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf" }, { "reference_url": "https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116" }, { "reference_url": "https://www.drupal.org/sa-core-2022-012", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:45:46Z/" } ], "url": "https://www.drupal.org/sa-core-2022-012" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25275", "reference_id": "CVE-2022-25275", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25275" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml", "reference_id": "CVE-2022-25275.YAML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-xh3v-6f9j-wxw3", "reference_id": "GHSA-xh3v-6f9j-wxw3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xh3v-6f9j-wxw3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57338?format=api", "purl": "pkg:composer/drupal/drupal@9.3.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/57339?format=api", "purl": "pkg:composer/drupal/drupal@9.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.4.3" } ], "aliases": [ "CVE-2022-25275", "GHSA-xh3v-6f9j-wxw3", "GMS-2022-3362" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ck5-9e5b-w3ay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11348?format=api", "vulnerability_id": "VCID-6m8x-cfzp-tkf4", "summary": "Drupal core Unrestricted Upload of File with Dangerous Type\nDrupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13671", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04504", "scoring_system": "epss", "scoring_elements": "0.89078", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04504", "scoring_system": "epss", "scoring_elements": "0.89133", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04504", "scoring_system": "epss", "scoring_elements": "0.89135", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04504", "scoring_system": "epss", "scoring_elements": "0.89138", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04504", "scoring_system": "epss", "scoring_elements": "0.89127", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04504", "scoring_system": "epss", "scoring_elements": "0.89122", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04504", "scoring_system": "epss", "scoring_elements": "0.89105", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04504", "scoring_system": "epss", "scoring_elements": "0.89102", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04504", "scoring_system": "epss", "scoring_elements": "0.89087", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13671" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671" }, { "reference_url": "https://www.drupal.org/sa-core-2020-012", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/" } ], "url": "https://www.drupal.org/sa-core-2020-012" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/", "reference_id": "5KSFM672XW3X6BR7TVKRD63SLZGKK437", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13671", "reference_id": "CVE-2020-13671", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13671" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml", "reference_id": "CVE-2020-13671.YAML", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml", "reference_id": "CVE-2020-13671.YAML", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-68jc-v27h-vhmw", "reference_id": "GHSA-68jc-v27h-vhmw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-68jc-v27h-vhmw" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/", "reference_id": "KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/" }, { "reference_url": "https://usn.ubuntu.com/6981-1/", "reference_id": "USN-6981-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6981-1/" }, { "reference_url": "https://usn.ubuntu.com/6981-2/", "reference_id": "USN-6981-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6981-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40771?format=api", "purl": "pkg:composer/drupal/drupal@8.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/40772?format=api", "purl": "pkg:composer/drupal/drupal@8.9.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/40773?format=api", "purl": "pkg:composer/drupal/drupal@9.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.8" } ], "aliases": [ "CVE-2020-13671", "GHSA-68jc-v27h-vhmw" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6m8x-cfzp-tkf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19063?format=api", "vulnerability_id": "VCID-8nda-kjr2-ufd4", "summary": "Drupal core Remote Code Execution\nIn Drupal core, when sending email some variables were not being sanitized for shell arguments in `DefaultMailSystem::mail()`, which could lead to remote code execution.", "references": [ { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-4.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-4.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-006" }, { "reference_url": "https://github.com/advisories/GHSA-jf8c-36vw-98x4", "reference_id": "GHSA-jf8c-36vw-98x4", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jf8c-36vw-98x4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59990?format=api", "purl": "pkg:composer/drupal/drupal@8.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/32217?format=api", "purl": "pkg:composer/drupal/drupal@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2" } ], "aliases": [ "GHSA-jf8c-36vw-98x4" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8nda-kjr2-ufd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8827?format=api", "vulnerability_id": "VCID-9f24-vqyt-r7dq", "summary": "Language fallback can be incorrect on multilingual sites with node access restrictions\nWhen using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node. This can result in an access bypass vulnerability. This issue is mitigated by the fact that it only applies to sites that a) use the Content Translation module; and b) use a node access module such as Domain Access which implement hook_node_access_records(). Note that the update will mark the node access tables as needing a rebuild, which will take a long time on sites with a large number of nodes.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6930", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.6218", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62065", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62125", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62156", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62126", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62176", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62194", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62211", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62201", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6930" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6930.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6930.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6930.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6930.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6930", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6930" }, { "reference_url": "https://www.drupal.org/sa-core-2018-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-001" }, { "reference_url": "https://www.drupal.org/SA-CORE-2018-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2018-001" }, { "reference_url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6930", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6930" }, { "reference_url": "https://github.com/advisories/GHSA-3327-jr93-7hq3", "reference_id": "GHSA-3327-jr93-7hq3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3327-jr93-7hq3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26565?format=api", "purl": "pkg:composer/drupal/drupal@8.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5" } ], "aliases": [ "CVE-2017-6930", "GHSA-3327-jr93-7hq3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9f24-vqyt-r7dq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8967?format=api", "vulnerability_id": "VCID-9vdz-1jpq-kue3", "summary": "Cross-site Scripting\nXSS vulnerabiltiy in drupal.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2018-003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-003" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26993?format=api", "purl": "pkg:composer/drupal/drupal@8.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/168767?format=api", "purl": "pkg:composer/drupal/drupal@8.5.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26995?format=api", "purl": "pkg:composer/drupal/drupal@8.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.2" } ], "aliases": [ "2018-04-18" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9vdz-1jpq-kue3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7358?format=api", "vulnerability_id": "VCID-9wt5-xe6d-n3cb", "summary": "Open redirect via path manipulation\nDrupal might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on an error page, related to path manipulation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.71951", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.71998", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.72013", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.72029", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.72005", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.71993", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.71954", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.71978", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.71958", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170" }, { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3164.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3164.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3164.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3164.yaml" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-001" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3498", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3498" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/02/24/19", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/15/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha10:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha10:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha10:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha11:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha11:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha11:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha12:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha12:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha12:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha13:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha13:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha13:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha14:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha14:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha14:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha15:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha15:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha15:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha8:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha8:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha8:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha9:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha9:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha9:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta10:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta10:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta10:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta11:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta11:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta11:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta12:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta12:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta12:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta13:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta13:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta13:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta14:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta14:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta14:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta15:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta15:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta15:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta16:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta16:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta16:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta9:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta9:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta9:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3164", "reference_id": "CVE-2016-3164", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" }, { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3164" }, { "reference_url": "https://github.com/advisories/GHSA-836p-6p4j-35cg", "reference_id": "GHSA-836p-6p4j-35cg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-836p-6p4j-35cg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22065?format=api", "purl": "pkg:composer/drupal/drupal@8.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.4" } ], "aliases": [ "CVE-2016-3164", "GHSA-836p-6p4j-35cg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9wt5-xe6d-n3cb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17402?format=api", "vulnerability_id": "VCID-bbzr-hbhv-yyee", "summary": "Improper Input Validation\nDrupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25273", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51563", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51586", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51603", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51577", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51523", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51624", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51574", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51536", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25273" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2022-008", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:19:11Z/" } ], "url": "https://www.drupal.org/sa-core-2022-008" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25273", "reference_id": "CVE-2022-25273", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25273" }, { "reference_url": "https://github.com/advisories/GHSA-g36h-4jr6-qmm9", "reference_id": "GHSA-g36h-4jr6-qmm9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g36h-4jr6-qmm9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57361?format=api", "purl": "pkg:composer/drupal/drupal@9.2.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.2.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/57351?format=api", "purl": "pkg:composer/drupal/drupal@9.3.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.12" } ], "aliases": [ "CVE-2022-25273", "GHSA-g36h-4jr6-qmm9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bbzr-hbhv-yyee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9962?format=api", "vulnerability_id": "VCID-c9dm-17vt-4bbc", "summary": "Improper Access Control in drupal.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32217?format=api", "purl": "pkg:composer/drupal/drupal@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2" } ], "aliases": [ "2018-10-17-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c9dm-17vt-4bbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10229?format=api", "vulnerability_id": "VCID-cucx-jfqf-pkd1", "summary": "Deserialization of Untrusted Data\nDrupal core uses the third-party PEAR `Archive_Tar` library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6338", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01047", "scoring_system": "epss", "scoring_elements": "0.77449", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01047", "scoring_system": "epss", "scoring_elements": "0.77504", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01047", "scoring_system": "epss", "scoring_elements": "0.77507", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01047", "scoring_system": "epss", "scoring_elements": "0.77526", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01047", "scoring_system": "epss", "scoring_elements": "0.775", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01047", "scoring_system": "epss", "scoring_elements": "0.77491", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01047", "scoring_system": "epss", "scoring_elements": "0.77461", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01047", "scoring_system": "epss", "scoring_elements": "0.7748", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01047", "scoring_system": "epss", "scoring_elements": "0.77455", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6338" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6338.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6338.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00032.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00032.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6338", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" }, { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6338" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4370", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4370" }, { "reference_url": "https://www.drupal.org/sa-core-2019-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-001" }, { "reference_url": "http://www.securityfocus.com/bid/106706", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106706" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-6rmq-x2hv-vxpp", "reference_id": "GHSA-6rmq-x2hv-vxpp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6rmq-x2hv-vxpp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78855?format=api", "purl": "pkg:composer/drupal/drupal@8.5.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/34658?format=api", "purl": "pkg:composer/drupal/drupal@8.6.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.6" } ], "aliases": [ "CVE-2019-6338", "GHSA-6rmq-x2hv-vxpp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cucx-jfqf-pkd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7849?format=api", "vulnerability_id": "VCID-d4qd-ut89-gbf4", "summary": "Remote code execution\nA 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal. To be sure you aren’t vulnerable, you can remove the /vendor/phpunit directory from the site root of your production deployments.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6381", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03314", "scoring_system": "epss", "scoring_elements": "0.87217", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03314", "scoring_system": "epss", "scoring_elements": "0.87259", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03314", "scoring_system": "epss", "scoring_elements": "0.87263", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03314", "scoring_system": "epss", "scoring_elements": "0.87269", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03314", "scoring_system": "epss", "scoring_elements": "0.87233", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03314", "scoring_system": "epss", "scoring_elements": "0.87207", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03314", "scoring_system": "epss", "scoring_elements": "0.87257", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03314", "scoring_system": "epss", "scoring_elements": "0.8725", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03314", "scoring_system": "epss", "scoring_elements": "0.8723", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6381" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6381.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6381.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6381.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6381.yaml" }, { "reference_url": "https://www.drupal.org/SA-2017-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-2017-001" }, { "reference_url": "http://www.securityfocus.com/bid/96919", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/96919" }, { "reference_url": "http://www.securitytracker.com/id/1038058", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1038058" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha10:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha10:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha10:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha11:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha11:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha11:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha12:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha12:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha12:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha13:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha13:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha13:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha14:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha14:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha14:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha15:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha15:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha15:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha8:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha8:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha8:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha9:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha9:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha9:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta10:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta10:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta10:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta11:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta11:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta11:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta12:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta12:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta12:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta13:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta13:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta13:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta14:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta14:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta14:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta15:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta15:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta15:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta16:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta16:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta16:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta9:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta9:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta9:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.2.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.2.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.2.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.2.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.2.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6381", "reference_id": "CVE-2017-6381", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6381" }, { "reference_url": "https://github.com/advisories/GHSA-rhx9-3qf7-r3j7", "reference_id": "GHSA-rhx9-3qf7-r3j7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rhx9-3qf7-r3j7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/156033?format=api", "purl": "pkg:composer/drupal/drupal@8.1.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/157702?format=api", "purl": "pkg:composer/drupal/drupal@8.2.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/23958?format=api", "purl": "pkg:composer/drupal/drupal@8.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23954?format=api", "purl": "pkg:composer/drupal/drupal@8.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.7" } ], "aliases": [ "CVE-2017-6381", "GHSA-rhx9-3qf7-r3j7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d4qd-ut89-gbf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17394?format=api", "vulnerability_id": "VCID-dgjq-y5zj-cud1", "summary": "Improper Access Control\nUnder certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25278", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63732", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63711", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63737", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63697", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63749", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63766", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.6378", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63765", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25278" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2022-013", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:39:47Z/" } ], "url": "https://www.drupal.org/sa-core-2022-013" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25278", "reference_id": "CVE-2022-25278", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25278" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml", "reference_id": "CVE-2022-25278.YAML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-cfh2-7f6h-3m85", "reference_id": "GHSA-cfh2-7f6h-3m85", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cfh2-7f6h-3m85" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57338?format=api", "purl": "pkg:composer/drupal/drupal@9.3.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/57339?format=api", "purl": "pkg:composer/drupal/drupal@9.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.4.3" } ], "aliases": [ "CVE-2022-25278", "GHSA-cfh2-7f6h-3m85" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dgjq-y5zj-cud1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10488?format=api", "vulnerability_id": "VCID-djgn-ezxp-37eu", "summary": "Cross-site Scripting\nUnder certain circumstances the File `module/subsystem` allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6341", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.9764", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.97655", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.97652", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.9765", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.97648", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.97644", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.97642", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.97634", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6341" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6341", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6341" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6341.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6341.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6341.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6341.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00003.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/" }, { "reference_url": "https://www.drupal.org/sa-core-2019-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-004" }, { "reference_url": "https://www.drupal.org/SA-CORE-2019-004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2019-004" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_13", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_13" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6341", "reference_id": "CVE-2019-6341", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6341" }, { "reference_url": "https://github.com/advisories/GHSA-cmmh-8mwp-gq5p", "reference_id": "GHSA-cmmh-8mwp-gq5p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cmmh-8mwp-gq5p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35606?format=api", "purl": "pkg:composer/drupal/drupal@8.5.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/35607?format=api", "purl": "pkg:composer/drupal/drupal@8.6.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.13" } ], "aliases": [ "CVE-2019-6341", "GHSA-cmmh-8mwp-gq5p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-djgn-ezxp-37eu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7354?format=api", "vulnerability_id": "VCID-en3b-g3f3-a3e3", "summary": "Brute force amplification attacks via XML-RPC\nThe XML-RPC system in Drupal might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3163", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74918", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74957", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74967", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74988", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74965", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74953", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.7492", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74946", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74915", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3163.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3163.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3163.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3163.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3163", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3163" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-001" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3498", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3498" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/02/24/19", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/15/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-h3r9-pjmr-f938", "reference_id": "GHSA-h3r9-pjmr-f938", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h3r9-pjmr-f938" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22065?format=api", "purl": "pkg:composer/drupal/drupal@8.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.4" } ], "aliases": [ "CVE-2016-3163", "GHSA-h3r9-pjmr-f938" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-en3b-g3f3-a3e3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10219?format=api", "vulnerability_id": "VCID-fm5k-u7s6-wfhb", "summary": "Entity Access Bypass\nIn versions of Drupal 8 core ; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6925", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69873", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69888", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69861", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69923", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69938", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69953", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69929", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69913", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69865", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6925" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6925.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6925.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6925.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6925.yaml" }, { "reference_url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple" }, { "reference_url": "https://www.drupal.org/SA-CORE-2017-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2017-004" }, { "reference_url": "http://www.securityfocus.com/bid/100368", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/100368" }, { "reference_url": "http://www.securitytracker.com/id/1039200", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1039200" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6925", "reference_id": "CVE-2017-6925", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6925" }, { "reference_url": "https://github.com/advisories/GHSA-f4qx-jqfq-7785", "reference_id": "GHSA-f4qx-jqfq-7785", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f4qx-jqfq-7785" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24099?format=api", "purl": "pkg:composer/drupal/drupal@8.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/78755?format=api", "purl": "pkg:composer/drupal/drupal@8.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-yare-57j9-j7cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.7" } ], "aliases": [ "CVE-2017-6925", "GHSA-f4qx-jqfq-7785" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fm5k-u7s6-wfhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8828?format=api", "vulnerability_id": "VCID-g1rp-twzp-63e1", "summary": "Cross-site Scripting\nA jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6929", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00603", "scoring_system": "epss", "scoring_elements": "0.69505", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00603", "scoring_system": "epss", "scoring_elements": "0.69559", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00603", "scoring_system": "epss", "scoring_elements": "0.69573", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00603", "scoring_system": "epss", "scoring_elements": "0.69588", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00603", "scoring_system": "epss", "scoring_elements": "0.69567", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00603", "scoring_system": "epss", "scoring_elements": "0.6955", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00603", "scoring_system": "epss", "scoring_elements": "0.695", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00603", "scoring_system": "epss", "scoring_elements": "0.6952", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00603", "scoring_system": "epss", "scoring_elements": "0.69494", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6929.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6929.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6929.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6929.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6929", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6929" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4123", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4123" }, { "reference_url": "https://www.drupal.org/sa-core-2018-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-001" }, { "reference_url": "https://www.drupal.org/SA-CORE-2018-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2018-001" }, { "reference_url": "https://github.com/advisories/GHSA-5vpr-v24w-mmjj", "reference_id": "GHSA-5vpr-v24w-mmjj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5vpr-v24w-mmjj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26578?format=api", "purl": "pkg:composer/drupal/drupal@8.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-cuk6-hskr-yyau" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-yare-57j9-j7cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/26565?format=api", "purl": "pkg:composer/drupal/drupal@8.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5" } ], "aliases": [ "CVE-2017-6929", "GHSA-5vpr-v24w-mmjj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g1rp-twzp-63e1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15382?format=api", "vulnerability_id": "VCID-ga35-289v-vqhr", "summary": "Drupal Core Remote Code Execution Vulnerability\nDrupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7600", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94489", "scoring_system": "epss", "scoring_elements": "1.0", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7600" }, { "reference_url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600" }, { "reference_url": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://greysec.net/showthread.php?tid=2912&pid=10561", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://greysec.net/showthread.php?tid=2912&pid=10561" }, { "reference_url": "https://groups.drupal.org/security/faq-2018-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://groups.drupal.org/security/faq-2018-002" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html" }, { "reference_url": "https://research.checkpoint.com/uncovering-drupalgeddon-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://research.checkpoint.com/uncovering-drupalgeddon-2" }, { "reference_url": "https://twitter.com/arancaytar/status/979090719003627521", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://twitter.com/arancaytar/status/979090719003627521" }, { "reference_url": "https://twitter.com/RicterZ/status/979567469726613504", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://twitter.com/RicterZ/status/979567469726613504" }, { "reference_url": "https://twitter.com/RicterZ/status/984495201354854401", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://twitter.com/RicterZ/status/984495201354854401" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4156", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://www.debian.org/security/2018/dsa-4156" }, { "reference_url": "https://www.drupal.org/sa-core-2018-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://www.drupal.org/sa-core-2018-002" }, { "reference_url": "https://www.exploit-db.com/exploits/44448", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/44448" }, { "reference_url": "https://www.exploit-db.com/exploits/44449", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/44449" }, { "reference_url": "https://www.exploit-db.com/exploits/44482", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/44482" }, { "reference_url": "https://www.synology.com/support/security/Synology_SA_18_17", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://www.synology.com/support/security/Synology_SA_18_17" }, { "reference_url": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know" }, { "reference_url": "http://www.securityfocus.com/bid/103534", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "http://www.securityfocus.com/bid/103534" }, { "reference_url": "http://www.securitytracker.com/id/1040598", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "http://www.securitytracker.com/id/1040598" }, { "reference_url": "https://www.exploit-db.com/exploits/44448/", "reference_id": "44448", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://www.exploit-db.com/exploits/44448/" }, { "reference_url": "https://www.exploit-db.com/exploits/44449/", "reference_id": "44449", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://www.exploit-db.com/exploits/44449/" }, { "reference_url": "https://www.exploit-db.com/exploits/44482/", "reference_id": "44482", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://www.exploit-db.com/exploits/44482/" }, { "reference_url": "https://security.archlinux.org/ASA-201804-1", "reference_id": "ASA-201804-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-1" }, { "reference_url": "https://security.archlinux.org/AVG-665", "reference_id": "AVG-665", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-665" }, { "reference_url": "https://github.com/a2u/CVE-2018-7600", "reference_id": "CVE-2018-7600", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://github.com/a2u/CVE-2018-7600" }, { "reference_url": "https://github.com/a2u/CVE-2018-7600/blob/2c623a6a9ea641119cf7ee75cd344fb32047169b/exploit.py", "reference_id": "CVE-2018-7600", "reference_type": "exploit", "scores": [], "url": "https://github.com/a2u/CVE-2018-7600/blob/2c623a6a9ea641119cf7ee75cd344fb32047169b/exploit.py" }, { "reference_url": "https://github.com/dreadlocked/Drupalgeddon2/blob/16cac1b2336d38642f75eb7b7e2c833b2c3f49b1/drupalgeddon2.rb", "reference_id": "CVE-2018-7600", "reference_type": "exploit", "scores": [], "url": "https://github.com/dreadlocked/Drupalgeddon2/blob/16cac1b2336d38642f75eb7b7e2c833b2c3f49b1/drupalgeddon2.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/44482.rb", "reference_id": "CVE-2018-7600", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/44482.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44448.py", "reference_id": "CVE-2018-7600", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44448.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44449.rb", "reference_id": "CVE-2018-7600", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44449.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7600", "reference_id": "CVE-2018-7600", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7600" }, { "reference_url": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE", "reference_id": "CVE-2018-7600-DRUPAL-RCE", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7600.yaml", "reference_id": "CVE-2018-7600.YAML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7600.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7600.yaml", "reference_id": "CVE-2018-7600.YAML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7600.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-7fh9-933g-885p", "reference_id": "GHSA-7fh9-933g-885p", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7fh9-933g-885p" }, { "reference_url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/", "reference_id": "over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/" }, { "reference_url": "https://research.checkpoint.com/uncovering-drupalgeddon-2/", "reference_id": "uncovering-drupalgeddon-2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://research.checkpoint.com/uncovering-drupalgeddon-2/" }, { "reference_url": "https://usn.ubuntu.com/USN-4773-1/", "reference_id": "USN-USN-4773-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4773-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54382?format=api", "purl": "pkg:composer/drupal/drupal@8.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/54383?format=api", "purl": "pkg:composer/drupal/drupal@8.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/54384?format=api", "purl": "pkg:composer/drupal/drupal@8.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.1" } ], "aliases": [ "CVE-2018-7600", "GHSA-7fh9-933g-885p" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ga35-289v-vqhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9964?format=api", "vulnerability_id": "VCID-gzcu-sbks-wyfa", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nExternal URL injection through URL aliases in drupal.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32217?format=api", "purl": "pkg:composer/drupal/drupal@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2" } ], "aliases": [ "2018-10-17-2" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gzcu-sbks-wyfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7349?format=api", "vulnerability_id": "VCID-h6yp-zj5e-zkbm", "summary": "HTTP header injection using line breaks\nCRLF injection vulnerability in the `drupal_set_header` function in Drupal allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65822", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65858", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65888", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65901", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65882", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.6587", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65818", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65852", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65772", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3166" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3166.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3166.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3166.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3166.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3166", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3166" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-001" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3498", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3498" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/02/24/19", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/15/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-fg5q-r2q5-qmh3", "reference_id": "GHSA-fg5q-r2q5-qmh3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fg5q-r2q5-qmh3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22065?format=api", "purl": "pkg:composer/drupal/drupal@8.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.4" } ], "aliases": [ "CVE-2016-3166", "GHSA-fg5q-r2q5-qmh3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h6yp-zj5e-zkbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9732?format=api", "vulnerability_id": "VCID-hzr8-ttbu-ebhg", "summary": "PECL YAML parser unsafe object handling\nPECL YAML parser does not handle PHP objects safely during certain operations within Drupal core. This can lead to remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6920", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.66148", "scoring_system": "epss", "scoring_elements": "0.98509", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.66148", "scoring_system": "epss", "scoring_elements": "0.98518", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.66148", "scoring_system": "epss", "scoring_elements": "0.98516", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.66148", "scoring_system": "epss", "scoring_elements": "0.98515", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.66148", "scoring_system": "epss", "scoring_elements": "0.98512", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.66148", "scoring_system": "epss", "scoring_elements": "0.98511", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.66148", "scoring_system": "epss", "scoring_elements": "0.98507", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6920" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6920.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6920.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6920.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6920.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6920", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6920" }, { "reference_url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple" }, { "reference_url": "https://www.drupal.org/SA-CORE-2017-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2017-003" }, { "reference_url": "http://www.securityfocus.com/bid/99211", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/99211" }, { "reference_url": "http://www.securitytracker.com/id/1038781", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1038781" }, { "reference_url": "https://github.com/advisories/GHSA-9c24-g32g-35rj", "reference_id": "GHSA-9c24-g32g-35rj", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9c24-g32g-35rj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29923?format=api", "purl": "pkg:composer/drupal/drupal@8.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-yare-57j9-j7cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.4" } ], "aliases": [ "CVE-2017-6920", "GHSA-9c24-g32g-35rj" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hzr8-ttbu-ebhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19542?format=api", "vulnerability_id": "VCID-jfq8-xxwa-mkd1", "summary": "Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar\nThe Drupal project uses the third-party library [Archive_Tar](https://pear.php.net/package/Archive_Tar/), which has released a security improvement that is needed to protect some Drupal configurations.\n\nMultiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them.\n\nThe latest versions of Drupal update Archive_Tar to 1.4.9 to mitigate the file processing vulnerabilities.", "references": [ { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-4.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-4.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2019-012", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-012" }, { "reference_url": "https://github.com/advisories/GHSA-m9fv-whq2-6wmc", "reference_id": "GHSA-m9fv-whq2-6wmc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m9fv-whq2-6wmc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59854?format=api", "purl": "pkg:composer/drupal/drupal@8.7.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5618-53yg-8qh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cvxp-ctj9-guej" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nj3a-eb59-jygs" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/59855?format=api", "purl": "pkg:composer/drupal/drupal@8.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-5618-53yg-8qh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cvxp-ctj9-guej" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mhk6-9qdy-83f3" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nj3a-eb59-jygs" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1" } ], "aliases": [ "GHSA-m9fv-whq2-6wmc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jfq8-xxwa-mkd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8836?format=api", "vulnerability_id": "VCID-jnu7-1j9c-dqck", "summary": "JavaScript cross-site scripting prevention is incomplete\nDrupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output is not auto-escaped by either Drupal 7 or Drupal 8). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6927", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80305", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80325", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80297", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.8035", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80356", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80371", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80352", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80341", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80313", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6927.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6927.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6927.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6927.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6927", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6927" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4123", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4123" }, { "reference_url": "https://www.drupal.org/sa-core-2018-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-001" }, { "reference_url": "https://www.drupal.org/SA-CORE-2018-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2018-001" }, { "reference_url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6927", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6927" }, { "reference_url": "http://www.securityfocus.com/bid/103138", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/103138" }, { "reference_url": "https://github.com/advisories/GHSA-585j-5449-mf5m", "reference_id": "GHSA-585j-5449-mf5m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-585j-5449-mf5m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26565?format=api", "purl": "pkg:composer/drupal/drupal@8.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5" } ], "aliases": [ "CVE-2017-6927", "GHSA-585j-5449-mf5m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jnu7-1j9c-dqck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12878?format=api", "vulnerability_id": "VCID-k1gx-nznx-7qd6", "summary": "Drupal core Cross-site Scripting (XSS) vulnerability\nCross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68347", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68413", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68446", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68458", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68431", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68414", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68363", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68387", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68367", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13672" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2021-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2021-002" }, { "reference_url": "https://security.archlinux.org/AVG-1463", "reference_id": "AVG-1463", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1463" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13672", "reference_id": "CVE-2020-13672", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13672" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml", "reference_id": "CVE-2020-13672.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml", "reference_id": "CVE-2020-13672.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3m36-mjwj-352c", "reference_id": "GHSA-3m36-mjwj-352c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3m36-mjwj-352c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46134?format=api", "purl": "pkg:composer/drupal/drupal@8.9.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/46136?format=api", "purl": "pkg:composer/drupal/drupal@9.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/46137?format=api", "purl": "pkg:composer/drupal/drupal@9.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.1.7" } ], "aliases": [ "CVE-2020-13672", "GHSA-3m36-mjwj-352c" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k1gx-nznx-7qd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19395?format=api", "vulnerability_id": "VCID-kh51-g4cv-tqaw", "summary": "Drupal core uses a vulnerable Third-party library CKEditor\nThe Drupal project uses the third-party library [CKEditor](https://github.com/ckeditor/ckeditor4), which has released a [security improvement](https://ckeditor.com/blog/CKEditor-4.14-with-Paste-from-LibreOffice-released/#security-issues-fixed) that is needed to protect some Drupal configurations.\n\nVulnerabilities are possible if Drupal is configured to use the WYSIWYG CKEditor for your site's users. An attacker that can create or edit content may be able to exploit this Cross Site Scripting (XSS) vulnerability to target users with access to the WYSIWYG CKEditor, and this may include site admins with privileged access.\n\nThe latest versions of Drupal update CKEditor to 4.14 to mitigate the vulnerabilities.", "references": [ { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2020-03-18.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2020-03-18.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2020-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2020-001" }, { "reference_url": "https://github.com/advisories/GHSA-337w-fxpq-5m34", "reference_id": "GHSA-337w-fxpq-5m34", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-337w-fxpq-5m34" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60491?format=api", "purl": "pkg:composer/drupal/drupal@8.7.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5618-53yg-8qh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cvxp-ctj9-guej" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/60492?format=api", "purl": "pkg:composer/drupal/drupal@8.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-5618-53yg-8qh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cvxp-ctj9-guej" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mhk6-9qdy-83f3" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.4" } ], "aliases": [ "GHSA-337w-fxpq-5m34" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kh51-g4cv-tqaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10220?format=api", "vulnerability_id": "VCID-krhy-kg1b-rfbk", "summary": "File REST resource does not properly validate\nThe file REST resource does not properly validate some fields when manipulating files. the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6921", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64204", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64289", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64262", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.6429", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64316", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64327", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64314", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64299", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64249", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6921" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6921.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6921.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6921.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6921.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6921", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6921" }, { "reference_url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple" }, { "reference_url": "https://www.drupal.org/SA-CORE-2017-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2017-003" }, { "reference_url": "http://www.securityfocus.com/bid/99222", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/99222" }, { "reference_url": "http://www.securitytracker.com/id/1038781", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1038781" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-h377-287m-w2r9", "reference_id": "GHSA-h377-287m-w2r9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h377-287m-w2r9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29923?format=api", "purl": "pkg:composer/drupal/drupal@8.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-yare-57j9-j7cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.4" } ], "aliases": [ "CVE-2017-6921", "GHSA-h377-287m-w2r9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-krhy-kg1b-rfbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17401?format=api", "vulnerability_id": "VCID-mapb-hsvc-2khc", "summary": "Unrestricted Upload of File with Dangerous Type\nDrupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously does not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.5268", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52734", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.5275", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52766", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52716", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52722", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52671", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52706", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25277" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17" }, { "reference_url": "https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a" }, { "reference_url": "https://www.drupal.org/sa-core-2022-014", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:41:13Z/" } ], "url": "https://www.drupal.org/sa-core-2022-014" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25277", "reference_id": "CVE-2022-25277", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25277" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml", "reference_id": "CVE-2022-25277.YAML", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-6955-67hm-vjjq", "reference_id": "GHSA-6955-67hm-vjjq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6955-67hm-vjjq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57338?format=api", "purl": "pkg:composer/drupal/drupal@9.3.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/57339?format=api", "purl": "pkg:composer/drupal/drupal@9.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.4.3" } ], "aliases": [ "CVE-2022-25277", "GHSA-6955-67hm-vjjq", "GMS-2022-3361" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mapb-hsvc-2khc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7356?format=api", "vulnerability_id": "VCID-mt37-qzh7-gyfv", "summary": "Reflected file download vulnerability\nThe System module in Drupal might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3168", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67369", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67446", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.6748", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67493", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67471", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67457", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67405", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67426", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67404", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3168.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3168.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3168.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3168.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3168", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:C/I:C/A:C" }, { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3168" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-001" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3498", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3498" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/02/24/19", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/15/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-qqxc-cppg-4xp8", "reference_id": "GHSA-qqxc-cppg-4xp8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qqxc-cppg-4xp8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22065?format=api", "purl": "pkg:composer/drupal/drupal@8.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.4" } ], "aliases": [ "CVE-2016-3168", "GHSA-qqxc-cppg-4xp8" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mt37-qzh7-gyfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12877?format=api", "vulnerability_id": "VCID-n119-gta2-kfg1", "summary": "Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor\nCross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13669", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42418", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42471", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42501", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42538", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42516", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42506", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42455", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42518", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42489", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13669" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2020-010", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2020-010" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13669", "reference_id": "CVE-2020-13669", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13669" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13669.yaml", "reference_id": "CVE-2020-13669.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13669.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13669.yaml", "reference_id": "CVE-2020-13669.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13669.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-c533-c843-67h8", "reference_id": "GHSA-c533-c843-67h8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c533-c843-67h8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46124?format=api", "purl": "pkg:composer/drupal/drupal@8.8.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/46125?format=api", "purl": "pkg:composer/drupal/drupal@8.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/46126?format=api", "purl": "pkg:composer/drupal/drupal@9.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.6" } ], "aliases": [ "CVE-2020-13669", "GHSA-c533-c843-67h8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n119-gta2-kfg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17393?format=api", "vulnerability_id": "VCID-n7un-zgqv-jfef", "summary": "Lack of domain validation in Druple core\nThe Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25276", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79371", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.7933", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79353", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79339", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79365", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79374", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79397", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79382", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25276" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2022-015", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2022-015" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25276", "reference_id": "CVE-2022-25276", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25276" }, { "reference_url": "https://github.com/advisories/GHSA-4wfq-jc9h-vpcx", "reference_id": "GHSA-4wfq-jc9h-vpcx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4wfq-jc9h-vpcx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57338?format=api", "purl": "pkg:composer/drupal/drupal@9.3.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/57339?format=api", "purl": "pkg:composer/drupal/drupal@9.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-bk92-66re-dkc5" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.4.3" } ], "aliases": [ "CVE-2022-25276", "GHSA-4wfq-jc9h-vpcx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n7un-zgqv-jfef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8893?format=api", "vulnerability_id": "VCID-nc36-atc6-yua6", "summary": "XSS Vulnerability\nCKEditor, a third-party JavaScript library included in Drupal core, is affected by a cross-site scripting (XSS) vulnerability. It's possible to execute XSS inside CKEditor when using the `image2` plugin.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2018-003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-003" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26993?format=api", "purl": "pkg:composer/drupal/drupal@8.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/26995?format=api", "purl": "pkg:composer/drupal/drupal@8.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.2" } ], "aliases": [ "SA-CORE-2018-003" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nc36-atc6-yua6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9971?format=api", "vulnerability_id": "VCID-nd8n-5dsu-2fbp", "summary": "Code Injection\nInjection in `DefaultMailSystem::mail()`.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32217?format=api", "purl": "pkg:composer/drupal/drupal@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2" } ], "aliases": [ "2018-10-17-4" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nd8n-5dsu-2fbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19997?format=api", "vulnerability_id": "VCID-pk74-yy1n-8qck", "summary": "Drupal core Access control bypass\nThe Media Library module has a security vulnerability whereby it doesn't sufficiently restrict access to media items in certain configurations.\n\n### Solution: \nIf you are using Drupal 8.7.x, you should upgrade to Drupal 8.7.11.\nIf you are using Drupal 8.8.x, you should upgrade to Drupal 8.8.1.\nVersions of Drupal 8 prior to 8.7.x are end-of-life and do not receive security coverage.\n\nAlternatively, you may mitigate this vulnerability by unchecking the \"Enable advanced UI\" checkbox on `/admin/config/media/media-library`. (This mitigation is not available in 8.7.x.)", "references": [ { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-3.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-3.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2019-011", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-011" }, { "reference_url": "https://github.com/advisories/GHSA-5x28-3f32-x523", "reference_id": "GHSA-5x28-3f32-x523", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5x28-3f32-x523" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59854?format=api", "purl": "pkg:composer/drupal/drupal@8.7.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5618-53yg-8qh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cvxp-ctj9-guej" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nj3a-eb59-jygs" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/59855?format=api", "purl": "pkg:composer/drupal/drupal@8.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-5618-53yg-8qh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cvxp-ctj9-guej" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mhk6-9qdy-83f3" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nj3a-eb59-jygs" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1" } ], "aliases": [ "GHSA-5x28-3f32-x523" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pk74-yy1n-8qck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19057?format=api", "vulnerability_id": "VCID-r8pv-9upr-y7gd", "summary": "Drupal Cross-Site Scripting (XSS) affecting CKEditor Third-party library\nThe Drupal project uses the CKEditor, library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal.\n\nVulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content (even without access to CKEditor themselves) may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to target users with access to the WYSIWYG CKEditor, including site admins with privileged access.", "references": [ { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2021-05-26.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2021-05-26.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2021-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2021-005" }, { "reference_url": "https://github.com/advisories/GHSA-qf65-hph9-453r", "reference_id": "GHSA-qf65-hph9-453r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qf65-hph9-453r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59977?format=api", "purl": "pkg:composer/drupal/drupal@8.9.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/59981?format=api", "purl": "pkg:composer/drupal/drupal@9.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/59982?format=api", "purl": "pkg:composer/drupal/drupal@9.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-b4yh-gyrx-3yhh" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gypk-ukbc-7qe3" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-sbmj-9trz-2ybf" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-zw3u-6ue7-efdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.2.4" } ], "aliases": [ "GHSA-qf65-hph9-453r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r8pv-9upr-y7gd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14777?format=api", "vulnerability_id": "VCID-rhj7-dy7q-jkhw", "summary": "Drupal Core Remote Code Execution Vulnerability\nSome field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94436", "scoring_system": "epss", "scoring_elements": "0.99988", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.94436", "scoring_system": "epss", "scoring_elements": "0.99987", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6340" }, { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6340", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6340" }, { "reference_url": "https://www.drupal.org/sa-core-2019-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "https://www.drupal.org/sa-core-2019-003" }, { "reference_url": "https://www.exploit-db.com/exploits/46452", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46452" }, { "reference_url": "https://www.exploit-db.com/exploits/46452/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "https://www.exploit-db.com/exploits/46452/" }, { "reference_url": "https://www.exploit-db.com/exploits/46459", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46459" }, { "reference_url": "https://www.exploit-db.com/exploits/46459/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "https://www.exploit-db.com/exploits/46459/" }, { "reference_url": "https://www.exploit-db.com/exploits/46510", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46510" }, { "reference_url": "https://www.exploit-db.com/exploits/46510/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "https://www.exploit-db.com/exploits/46510/" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_09", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_09" }, { "reference_url": "http://www.securityfocus.com/bid/107106", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "http://www.securityfocus.com/bid/107106" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46510.rb", "reference_id": "CVE-2019-6340", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46510.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46452.txt", "reference_id": "CVE-2019-6340", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46452.txt" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46459.py", "reference_id": "CVE-2019-6340", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46459.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6340", "reference_id": "CVE-2019-6340", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6340" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/6ff18828c0273b7170469939a49e4b063d561799/modules/exploits/unix/webapp/drupal_restws_unserialize.rb", "reference_id": "CVE-2019-6340", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/6ff18828c0273b7170469939a49e4b063d561799/modules/exploits/unix/webapp/drupal_restws_unserialize.rb" }, { "reference_url": "https://www.ambionics.io/blog/drupal8-rce", "reference_id": "CVE-2019-6340", "reference_type": "exploit", "scores": [], "url": "https://www.ambionics.io/blog/drupal8-rce" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6340.yaml", "reference_id": "CVE-2019-6340.YAML", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6340.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6340.yaml", "reference_id": "CVE-2019-6340.YAML", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6340.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3gx6-h57h-rm27", "reference_id": "GHSA-3gx6-h57h-rm27", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3gx6-h57h-rm27" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53812?format=api", "purl": "pkg:composer/drupal/drupal@8.5.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/53813?format=api", "purl": "pkg:composer/drupal/drupal@8.6.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.10" } ], "aliases": [ "CVE-2019-6340", "GHSA-3gx6-h57h-rm27" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhj7-dy7q-jkhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9976?format=api", "vulnerability_id": "VCID-rr4q-f5cv-nkah", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nAnonymous Open Redirect in drupal.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32217?format=api", "purl": "pkg:composer/drupal/drupal@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2" } ], "aliases": [ "2018-10-17-3" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rr4q-f5cv-nkah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46066?format=api", "vulnerability_id": "VCID-s8u8-xbdk-87dj", "summary": "ckeditor4 vulnerable to cross-site scripting\nA cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because `--!>` is mishandled.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33829", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97782", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97806", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97805", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97803", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.978", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97797", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97793", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.9779", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97788", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33829" }, { "reference_url": "https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33829" }, { "reference_url": "https://github.com/ckeditor/ckeditor4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ckeditor/ckeditor4" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2021-33829.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2021-33829.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2021-33829.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2021-33829.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33829", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33829" }, { "reference_url": "https://www.drupal.org/sa-core-2021-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2021-003" }, { "reference_url": "https://www.npmjs.com/package/ckeditor4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/package/ckeditor4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217", "reference_id": "1015217", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217" }, { "reference_url": "https://security.archlinux.org/ASA-202106-35", "reference_id": "ASA-202106-35", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-35" }, { "reference_url": "https://security.archlinux.org/AVG-2069", "reference_id": "AVG-2069", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2069" }, { "reference_url": "https://github.com/advisories/GHSA-rgx6-rjj4-c388", "reference_id": "GHSA-rgx6-rjj4-c388", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rgx6-rjj4-c388" }, { "reference_url": "https://usn.ubuntu.com/5340-1/", "reference_id": "USN-5340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5340-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5340-2/", "reference_id": "USN-USN-5340-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5340-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59977?format=api", "purl": "pkg:composer/drupal/drupal@8.9.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/76652?format=api", "purl": "pkg:composer/drupal/drupal@9.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/76653?format=api", "purl": "pkg:composer/drupal/drupal@9.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.1.9" } ], "aliases": [ "CVE-2021-33829", "GHSA-rgx6-rjj4-c388" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s8u8-xbdk-87dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8830?format=api", "vulnerability_id": "VCID-s9kv-9qfu-gbdq", "summary": "Incorrect Permission Assignment for Critical Resource\nWhen using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6928", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51075", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.5117", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51185", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51207", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51162", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51166", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.5111", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51153", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51129", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6928.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6928.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6928.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6928.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4123", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4123" }, { "reference_url": "https://www.drupal.org/sa-core-2018-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-001" }, { "reference_url": "https://www.drupal.org/SA-CORE-2018-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2018-001" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6928", "reference_id": "CVE-2017-6928", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6928" }, { "reference_url": "https://github.com/advisories/GHSA-66mv-q8r2-hj8w", "reference_id": "GHSA-66mv-q8r2-hj8w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-66mv-q8r2-hj8w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26565?format=api", "purl": "pkg:composer/drupal/drupal@8.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5" } ], "aliases": [ "CVE-2017-6928", "GHSA-66mv-q8r2-hj8w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s9kv-9qfu-gbdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7558?format=api", "vulnerability_id": "VCID-sktb-khbq-cuaq", "summary": "Incorrect cache context on password reset page\nThe user password reset form does not specify a proper cache context, which can lead to cache poisoning and unwanted content on the page.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9450", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45439", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.4546", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45365", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45452", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45451", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45481", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45459", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45405", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9450" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9450.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9450.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9450.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9450.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9450", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9450" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-005" }, { "reference_url": "http://www.securityfocus.com/bid/94367", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/94367" }, { "reference_url": "https://security.archlinux.org/ASA-201611-20", "reference_id": "ASA-201611-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-20" }, { "reference_url": "https://security.archlinux.org/AVG-74", "reference_id": "AVG-74", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-74" }, { "reference_url": "https://github.com/advisories/GHSA-98w5-wqp9-w466", "reference_id": "GHSA-98w5-wqp9-w466", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-98w5-wqp9-w466" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23298?format=api", "purl": "pkg:composer/drupal/drupal@8.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.3" } ], "aliases": [ "CVE-2016-9450", "GHSA-98w5-wqp9-w466" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sktb-khbq-cuaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55638?format=api", "vulnerability_id": "VCID-ssyn-dxp9-3kdq", "summary": "Drupal Core Cross-Site Request Forgery (CSRF) vulnerability\nCross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.4453", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44629", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44607", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.4461", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44609", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44638", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44621", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44618", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44567", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13663" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/5f3c4d80fd77df0cfa87722b446db54040d55693", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/5f3c4d80fd77df0cfa87722b446db54040d55693" }, { "reference_url": "https://github.com/drupal/core/commit/bc3235dcb5570bbda62ef9547e7604ee060b72c6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/bc3235dcb5570bbda62ef9547e7604ee060b72c6" }, { "reference_url": "https://github.com/drupal/core/commit/faf3243c4ce03bbaab386af2b272b363fd0dfddb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/faf3243c4ce03bbaab386af2b272b363fd0dfddb" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13663.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13663.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13663.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13663.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13663", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13663" }, { "reference_url": "https://www.drupal.org/sa-core-2020-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2020-004" }, { "reference_url": "https://github.com/advisories/GHSA-m648-hpf8-qcjw", "reference_id": "GHSA-m648-hpf8-qcjw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m648-hpf8-qcjw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81981?format=api", "purl": "pkg:composer/drupal/drupal@8.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mhk6-9qdy-83f3" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/81982?format=api", "purl": "pkg:composer/drupal/drupal@8.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mhk6-9qdy-83f3" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/81983?format=api", "purl": "pkg:composer/drupal/drupal@9.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mhk6-9qdy-83f3" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.1" } ], "aliases": [ "CVE-2020-13663", "GHSA-m648-hpf8-qcjw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ssyn-dxp9-3kdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19375?format=api", "vulnerability_id": "VCID-t84c-8r34-57b9", "summary": "Drupal Content moderation Access bypass\nIn some conditions, drupal content moderation fails to check a users access to use certain transitions, leading to an access bypass.", "references": [ { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-1.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-006" }, { "reference_url": "https://github.com/advisories/GHSA-86xw-vmcx-9mj4", "reference_id": "GHSA-86xw-vmcx-9mj4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-86xw-vmcx-9mj4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59990?format=api", "purl": "pkg:composer/drupal/drupal@8.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/32217?format=api", "purl": "pkg:composer/drupal/drupal@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2" } ], "aliases": [ "GHSA-86xw-vmcx-9mj4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t84c-8r34-57b9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7351?format=api", "vulnerability_id": "VCID-tk6t-srar-h7a8", "summary": "Improper Access Control\nThe Form API in Drupal ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has `#access` set to `FALSE` in the server-side form definition.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3165", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69621", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69637", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69608", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69678", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69691", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69706", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69684", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69666", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69615", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3165" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3165.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3165.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3165.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3165.yaml" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-001" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3498", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3498" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/02/24/19", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/15/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3165", "reference_id": "CVE-2016-3165", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3165" }, { "reference_url": "https://github.com/advisories/GHSA-4gh5-3hqj-x3pj", "reference_id": "GHSA-4gh5-3hqj-x3pj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4gh5-3hqj-x3pj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22065?format=api", "purl": "pkg:composer/drupal/drupal@8.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.4" } ], "aliases": [ "CVE-2016-3165", "GHSA-4gh5-3hqj-x3pj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tk6t-srar-h7a8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19000?format=api", "vulnerability_id": "VCID-ty3y-k9t2-qyba", "summary": "Drupal Malicious file upload with filenames stating with dot\nDrupal 8 core's file_save_upload() function does not strip the leading and trailing dot ('.') from filenames, like Drupal 7 did.\n\nUsers with the ability to upload files with any extension in conjunction with contributed modules may be able to use this to upload system files such as .htaccess in order to bypass protections afforded by Drupal's default .htaccess file.\n\nAfter this fix, file_save_upload() now trims leading and trailing dots from filenames.", "references": [ { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-2.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-2.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2019-010", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-010" }, { "reference_url": "https://github.com/advisories/GHSA-58xv-7h9r-mx3c", "reference_id": "GHSA-58xv-7h9r-mx3c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-58xv-7h9r-mx3c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59854?format=api", "purl": "pkg:composer/drupal/drupal@8.7.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5618-53yg-8qh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cvxp-ctj9-guej" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nj3a-eb59-jygs" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/59855?format=api", "purl": "pkg:composer/drupal/drupal@8.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-5618-53yg-8qh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cvxp-ctj9-guej" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mhk6-9qdy-83f3" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nj3a-eb59-jygs" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1" } ], "aliases": [ "GHSA-58xv-7h9r-mx3c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ty3y-k9t2-qyba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9966?format=api", "vulnerability_id": "VCID-u1xx-aazv-bkg5", "summary": "Improper Access Control\nIn some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32217?format=api", "purl": "pkg:composer/drupal/drupal@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2" } ], "aliases": [ "2018-10-17-5" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u1xx-aazv-bkg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15838?format=api", "vulnerability_id": "VCID-u4w3-usvb-jyf6", "summary": "Drupal Full Path Disclosure\n`core/authorize.php` in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of `hash_salt` is `file_get_contents` of a file that does not exist.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45440", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86443", "scoring_system": "epss", "scoring_elements": "0.99404", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.86443", "scoring_system": "epss", "scoring_elements": "0.99405", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.87227", "scoring_system": "epss", "scoring_elements": "0.99449", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.87227", "scoring_system": "epss", "scoring_elements": "0.99448", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.87227", "scoring_system": "epss", "scoring_elements": "0.99447", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.87227", "scoring_system": "epss", "scoring_elements": "0.99445", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45440" }, { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://github.com/github/advisory-database/pull/4827", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/pull/4827" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45440", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45440" }, { "reference_url": "https://senscybersecurity.nl/CVE-2024-45440-Explained", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://senscybersecurity.nl/CVE-2024-45440-Explained" }, { "reference_url": "https://www.drupal.org/project/drupal/issues/3457781", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/" } ], "url": "https://www.drupal.org/project/drupal/issues/3457781" }, { "reference_url": "https://www.drupal.org/project/drupal/releases/10.2.9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/project/drupal/releases/10.2.9" }, { "reference_url": "https://www.drupal.org/project/drupal/releases/10.3.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/project/drupal/releases/10.3.6" }, { "reference_url": "https://www.drupal.org/project/drupal/releases/11.0.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/project/drupal/releases/11.0.5" }, { "reference_url": "https://www.exploit-db.com/exploits/52266", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/52266" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py", "reference_id": "CVE-2024-45440", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py" }, { "reference_url": "https://senscybersecurity.nl/CVE-2024-45440-Explained/", "reference_id": "CVE-2024-45440-Explained", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/" } ], "url": "https://senscybersecurity.nl/CVE-2024-45440-Explained/" }, { "reference_url": "https://github.com/advisories/GHSA-mg8j-w93w-xjgc", "reference_id": "GHSA-mg8j-w93w-xjgc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mg8j-w93w-xjgc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55107?format=api", "purl": "pkg:composer/drupal/drupal@10.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/703873?format=api", "purl": "pkg:composer/drupal/drupal@10.3.0-beta1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.3.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/55097?format=api", "purl": "pkg:composer/drupal/drupal@10.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/703876?format=api", "purl": "pkg:composer/drupal/drupal@11.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@11.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/55099?format=api", "purl": "pkg:composer/drupal/drupal@11.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@11.0.5" } ], "aliases": [ "CVE-2024-45440", "GHSA-mg8j-w93w-xjgc" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u4w3-usvb-jyf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7348?format=api", "vulnerability_id": "VCID-u5wt-ndvn-3ffg", "summary": "Information Exposure\nThe `have you forgotten your password` links in the User module in Drupal allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3170", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65791", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65875", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65905", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65918", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.659", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65871", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.6584", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65889", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65836", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3170" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3170.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3170.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3170.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3170.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3170", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3170" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-001" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3498", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3498" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/02/24/19", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/15/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.39:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.39:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.39:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha10:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha10:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha10:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha11:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha11:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha11:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha12:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha12:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha12:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha13:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha13:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha13:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha14:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha14:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha14:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha15:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha15:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha15:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha8:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha8:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha8:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha9:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:alpha9:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:alpha9:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta10:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta10:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta10:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta11:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta11:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta11:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta12:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta12:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta12:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta13:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta13:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta13:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta14:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta14:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta14:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta15:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta15:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta15:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta16:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta16:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta16:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta9:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:beta9:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:beta9:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-pqv4-xgqh-j8vh", "reference_id": "GHSA-pqv4-xgqh-j8vh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pqv4-xgqh-j8vh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22065?format=api", "purl": "pkg:composer/drupal/drupal@8.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.4" } ], "aliases": [ "CVE-2016-3170", "GHSA-pqv4-xgqh-j8vh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u5wt-ndvn-3ffg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12881?format=api", "vulnerability_id": "VCID-uqcw-p8g2-cfd2", "summary": "Exposure of Resource to Wrong Sphere\nInformation Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13670", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62226", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62313", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62283", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62334", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62355", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62366", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62346", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62329", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62279", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13670" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/f93a37b713b59f8d24e826bc74378099853eef3d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/f93a37b713b59f8d24e826bc74378099853eef3d" }, { "reference_url": "https://www.drupal.org/sa-core-2020-011", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2020-011" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13670", "reference_id": "CVE-2020-13670", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13670" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13670.yaml", "reference_id": "CVE-2020-13670.YAML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13670.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13670.yaml", "reference_id": "CVE-2020-13670.YAML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13670.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-mmjr-5q74-p3m4", "reference_id": "GHSA-mmjr-5q74-p3m4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mmjr-5q74-p3m4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46124?format=api", "purl": "pkg:composer/drupal/drupal@8.8.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/46125?format=api", "purl": "pkg:composer/drupal/drupal@8.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/46126?format=api", "purl": "pkg:composer/drupal/drupal@9.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.6" } ], "aliases": [ "CVE-2020-13670", "GHSA-mmjr-5q74-p3m4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uqcw-p8g2-cfd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19987?format=api", "vulnerability_id": "VCID-utyg-huhu-2ucq", "summary": "Drupal External URL injection through URL aliases leading to Open Redirect\nThe path module in Drupal allows users with the 'administer paths' to create pretty URLs for content.\nIn certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url.", "references": [ { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-2.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-2.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-006" }, { "reference_url": "https://github.com/advisories/GHSA-r67r-42wx-c8r7", "reference_id": "GHSA-r67r-42wx-c8r7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r67r-42wx-c8r7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59990?format=api", "purl": "pkg:composer/drupal/drupal@8.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/32217?format=api", "purl": "pkg:composer/drupal/drupal@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2" } ], "aliases": [ "GHSA-r67r-42wx-c8r7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-utyg-huhu-2ucq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14839?format=api", "vulnerability_id": "VCID-vevm-4sfk-f7gq", "summary": "Drupal core Access bypass\nDrupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55634", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74805", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74846", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74856", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74877", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74853", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74806", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74833", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74839", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55634" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55634", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55634" }, { "reference_url": "https://www.drupal.org/sa-core-2024-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T16:38:29Z/" } ], "url": "https://www.drupal.org/sa-core-2024-004" }, { "reference_url": "https://github.com/advisories/GHSA-7cwc-fjqm-8vh8", "reference_id": "GHSA-7cwc-fjqm-8vh8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7cwc-fjqm-8vh8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51098?format=api", "purl": "pkg:composer/drupal/drupal@10.2.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/51103?format=api", "purl": "pkg:composer/drupal/drupal@10.3.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/51164?format=api", "purl": "pkg:composer/drupal/drupal@11.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@11.0.8" } ], "aliases": [ "CVE-2024-55634", "GHSA-7cwc-fjqm-8vh8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vevm-4sfk-f7gq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19347?format=api", "vulnerability_id": "VCID-vq5y-hdw3-nucj", "summary": "Drupal Anonymous Open Redirect\nDrupal core and contributed modules frequently use a \"destination\" query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks.", "references": [ { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-3.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-3.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-006" }, { "reference_url": "https://github.com/advisories/GHSA-x6v2-xmrq-574j", "reference_id": "GHSA-x6v2-xmrq-574j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x6v2-xmrq-574j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59990?format=api", "purl": "pkg:composer/drupal/drupal@8.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/32217?format=api", "purl": "pkg:composer/drupal/drupal@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2" } ], "aliases": [ "GHSA-x6v2-xmrq-574j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vq5y-hdw3-nucj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7560?format=api", "vulnerability_id": "VCID-vy1y-zkf3-4ue4", "summary": "Denial of service via transliterate mechanism\nA specially crafted URL can cause a denial of service via the transliterate mechanism.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9452", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59319", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59356", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59374", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.5939", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59371", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59358", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59307", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59343", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59245", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9452" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9452.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9452.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9452.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9452.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9452", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9452" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-005" }, { "reference_url": "http://www.securityfocus.com/bid/94367", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/94367" }, { "reference_url": "https://security.archlinux.org/ASA-201611-20", "reference_id": "ASA-201611-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-20" }, { "reference_url": "https://security.archlinux.org/AVG-74", "reference_id": "AVG-74", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-74" }, { "reference_url": "https://github.com/advisories/GHSA-jpj8-49hr-wcwv", "reference_id": "GHSA-jpj8-49hr-wcwv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jpj8-49hr-wcwv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23298?format=api", "purl": "pkg:composer/drupal/drupal@8.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.3" } ], "aliases": [ "CVE-2016-9452", "GHSA-jpj8-49hr-wcwv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vy1y-zkf3-4ue4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19320?format=api", "vulnerability_id": "VCID-w3q4-838v-97ck", "summary": "Drupal core Denial of Service\nA visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt.", "references": [ { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-1.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2019-009", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-009" }, { "reference_url": "https://github.com/advisories/GHSA-w333-5f96-mjrr", "reference_id": "GHSA-w333-5f96-mjrr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w333-5f96-mjrr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59854?format=api", "purl": "pkg:composer/drupal/drupal@8.7.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5618-53yg-8qh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cvxp-ctj9-guej" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nj3a-eb59-jygs" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/59855?format=api", "purl": "pkg:composer/drupal/drupal@8.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-5618-53yg-8qh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-cvxp-ctj9-guej" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mhk6-9qdy-83f3" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nj3a-eb59-jygs" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1" } ], "aliases": [ "GHSA-w333-5f96-mjrr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w3q4-838v-97ck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13472?format=api", "vulnerability_id": "VCID-wbuz-qcp3-43aq", "summary": "Improper Input Validation\nguzzlehttp/psr7 is a PSR-7 HTTP message library used in drupal. Versions prior to 1.8.4 and 2.1.1 is vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76084", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.7614", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76143", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76167", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76142", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76128", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76095", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76116", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml" }, { "reference_url": "https://github.com/guzzle/psr7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guzzle/psr7" }, { "reference_url": "https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/" } ], "url": "https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1" }, { "reference_url": "https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/" } ], "url": "https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc" }, { "reference_url": "https://www.drupal.org/sa-core-2022-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/" } ], "url": "https://www.drupal.org/sa-core-2022-006" }, { "reference_url": "https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236", "reference_id": "1008236", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24775", "reference_id": "CVE-2022-24775", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24775" }, { "reference_url": "https://github.com/advisories/GHSA-q7rv-6hp3-vh96", "reference_id": "GHSA-q7rv-6hp3-vh96", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q7rv-6hp3-vh96" }, { "reference_url": "https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96", "reference_id": "GHSA-q7rv-6hp3-vh96", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/" } ], "url": "https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96" }, { "reference_url": "https://usn.ubuntu.com/6670-1/", "reference_id": "USN-6670-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6670-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48007?format=api", "purl": "pkg:composer/drupal/drupal@9.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.2.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/290666?format=api", "purl": "pkg:composer/drupal/drupal@9.3.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/48009?format=api", "purl": "pkg:composer/drupal/drupal@9.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-1qgc-gjdn-9fhk" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/290669?format=api", "purl": "pkg:composer/drupal/drupal@10.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.0.0-alpha1" } ], "aliases": [ "CVE-2022-24775", "GHSA-q7rv-6hp3-vh96" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbuz-qcp3-43aq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19335?format=api", "vulnerability_id": "VCID-wbvy-zrtk-audw", "summary": "Drupal core Arbitrary PHP code execution\nThe Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see:\nCVE-2020-28948\nCVE-2020-28949\n\nMultiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.\n\nTo mitigate this issue, prevent untrusted users from uploading .tar, .tar.gz, .bz2, or .tlz files.", "references": [ { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2020-11-25.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2020-11-25.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2020-013", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2020-013" }, { "reference_url": "https://github.com/advisories/GHSA-j66p-fvp2-fxhj", "reference_id": "GHSA-j66p-fvp2-fxhj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j66p-fvp2-fxhj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60400?format=api", "purl": "pkg:composer/drupal/drupal@8.8.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/60401?format=api", "purl": "pkg:composer/drupal/drupal@8.9.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/60402?format=api", "purl": "pkg:composer/drupal/drupal@9.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.9" } ], "aliases": [ "GHSA-j66p-fvp2-fxhj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbvy-zrtk-audw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7347?format=api", "vulnerability_id": "VCID-we42-mkyk-hfer", "summary": "Saving user accounts can sometimes grant the user all roles\nThe User module in Drupal allows remote attackers to gain privileges by leveraging contributed or custom code that calls the `user_save` function with an explicit category and loads all roles into the array.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01016", "scoring_system": "epss", "scoring_elements": "0.77105", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01016", "scoring_system": "epss", "scoring_elements": "0.77166", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01016", "scoring_system": "epss", "scoring_elements": "0.77171", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01016", "scoring_system": "epss", "scoring_elements": "0.77192", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01016", "scoring_system": "epss", "scoring_elements": "0.77164", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01016", "scoring_system": "epss", "scoring_elements": "0.77155", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01016", "scoring_system": "epss", "scoring_elements": "0.77123", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01016", "scoring_system": "epss", "scoring_elements": "0.7714", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01016", "scoring_system": "epss", "scoring_elements": "0.77111", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3170" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3169.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3169.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3169.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3169.yaml" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-001" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3498", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3498" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/02/24/19", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/15/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3169", "reference_id": "CVE-2016-3169", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3169" }, { "reference_url": "https://github.com/advisories/GHSA-q3p9-8728-wq7x", "reference_id": "GHSA-q3p9-8728-wq7x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q3p9-8728-wq7x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22065?format=api", "purl": "pkg:composer/drupal/drupal@8.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.4" } ], "aliases": [ "CVE-2016-3169", "GHSA-q3p9-8728-wq7x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-we42-mkyk-hfer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12885?format=api", "vulnerability_id": "VCID-ww44-hb2y-mfd5", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nAccess Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13668", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44824", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44927", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44907", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44913", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44911", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44943", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44922", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.4492", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44868", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13668" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8" }, { "reference_url": "https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb" }, { "reference_url": "https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2" }, { "reference_url": "https://www.drupal.org/sa-core-2020-009", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2020-009" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13668", "reference_id": "CVE-2020-13668", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13668" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml", "reference_id": "CVE-2020-13668.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml", "reference_id": "CVE-2020-13668.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-m6q5-wv4x-fv6h", "reference_id": "GHSA-m6q5-wv4x-fv6h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6q5-wv4x-fv6h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46124?format=api", "purl": "pkg:composer/drupal/drupal@8.8.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/46125?format=api", "purl": "pkg:composer/drupal/drupal@8.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/46126?format=api", "purl": "pkg:composer/drupal/drupal@9.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kc7d-5k6x-77bp" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.6" } ], "aliases": [ "CVE-2020-13668", "GHSA-m6q5-wv4x-fv6h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ww44-hb2y-mfd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12831?format=api", "vulnerability_id": "VCID-wwvq-399y-rfhc", "summary": "Drupal Core Remote Code Execution Vulnerability\nA remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7602", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94385", "scoring_system": "epss", "scoring_elements": "0.9997", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7602" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7602", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7602" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7602.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7602.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7602.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7602.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7602", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7602" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7602", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7602" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4180", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/" } ], "url": "https://www.debian.org/security/2018/dsa-4180" }, { "reference_url": "https://www.drupal.org/sa-core-2018-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/" } ], "url": "https://www.drupal.org/sa-core-2018-004" }, { "reference_url": "https://www.exploit-db.com/exploits/44542", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/44542" }, { "reference_url": "https://www.exploit-db.com/exploits/44542/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/" } ], "url": "https://www.exploit-db.com/exploits/44542/" }, { "reference_url": "https://www.exploit-db.com/exploits/44557", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/44557" }, { "reference_url": "https://www.exploit-db.com/exploits/44557/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/" } ], "url": "https://www.exploit-db.com/exploits/44557/" }, { "reference_url": "http://www.securityfocus.com/bid/103985", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/" } ], "url": "http://www.securityfocus.com/bid/103985" }, { "reference_url": "http://www.securitytracker.com/id/1040754", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/" } ], "url": "http://www.securitytracker.com/id/1040754" }, { "reference_url": "https://security.archlinux.org/ASA-201804-10", "reference_id": "ASA-201804-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-10" }, { "reference_url": "https://security.archlinux.org/AVG-679", "reference_id": "AVG-679", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-679" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44557.rb", "reference_id": "CVE-2018-7602", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44557.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44542.txt", "reference_id": "CVE-2018-7602;SA-CORE-2018-004", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44542.txt" }, { "reference_url": "https://pastebin.com/pRM8nmwj", "reference_id": "CVE-2018-7602;SA-CORE-2018-004", "reference_type": "exploit", "scores": [], "url": "https://pastebin.com/pRM8nmwj" }, { "reference_url": "https://github.com/advisories/GHSA-297x-j9pm-xjgg", "reference_id": "GHSA-297x-j9pm-xjgg", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-297x-j9pm-xjgg" }, { "reference_url": "https://usn.ubuntu.com/USN-4773-1/", "reference_id": "USN-USN-4773-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4773-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46015?format=api", "purl": "pkg:composer/drupal/drupal@8.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/46016?format=api", "purl": "pkg:composer/drupal/drupal@8.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.3" } ], "aliases": [ "CVE-2018-7602", "GHSA-297x-j9pm-xjgg" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wwvq-399y-rfhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7352?format=api", "vulnerability_id": "VCID-xumx-m3zz-jkh6", "summary": "Open redirect via double-encoded 'destination' parameter\nOpen redirect vulnerability in the `drupal_goto` function in Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the `destination` parameter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.7027", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70332", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70345", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.7036", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70337", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70322", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70277", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.703", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70283", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3167" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3167.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3167.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3167.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3167.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3167", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:N" }, { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3167" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-001" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3498", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3498" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/02/24/19", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/15/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-gxwx-c7m8-f95h", "reference_id": "GHSA-gxwx-c7m8-f95h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gxwx-c7m8-f95h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22065?format=api", "purl": "pkg:composer/drupal/drupal@8.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.4" } ], "aliases": [ "CVE-2016-3167", "GHSA-gxwx-c7m8-f95h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xumx-m3zz-jkh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7884?format=api", "vulnerability_id": "VCID-y74s-ghyc-2bhs", "summary": "Access Bypass\nThis is a critical access bypass vulnerability in Drupal.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6919", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.6933", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.69386", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.694", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.69416", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.69393", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.69377", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.69327", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.69347", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.69318", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6919" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6919.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6919.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6919.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6919.yaml" }, { "reference_url": "https://groups.drupal.org/node/516645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.drupal.org/node/516645" }, { "reference_url": "https://www.drupal.org/SA-2017-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-2017-002" }, { "reference_url": "https://www.drupal.org/SA-CORE-2017-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2017-002" }, { "reference_url": "http://www.securityfocus.com/bid/97941", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/97941" }, { "reference_url": "http://www.securitytracker.com/id/1038371", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1038371" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha10:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha10:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha10:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha11:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha11:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha11:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha12:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha12:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha12:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha13:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha13:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha13:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha14:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha14:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha14:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha15:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha15:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha15:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha8:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha8:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha8:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha9:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:alpha9:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:alpha9:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta10:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta10:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta10:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta11:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta11:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta11:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta12:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta12:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta12:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta13:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta13:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta13:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta14:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta14:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta14:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta15:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta15:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta15:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta16:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta16:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta16:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta9:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:beta9:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:beta9:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.1.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.1.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.2.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.2.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.2.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.2.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.2.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.2.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.2.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.3.0:alpha1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.3.0:alpha1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.3.0:alpha1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.3.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.3.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.3.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.3.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.3.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.3.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.3.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:8.3.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:8.3.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6919", "reference_id": "CVE-2017-6919", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6919" }, { "reference_url": "https://github.com/advisories/GHSA-6hpj-9xj7-2jxx", "reference_id": "GHSA-6hpj-9xj7-2jxx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6hpj-9xj7-2jxx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/156033?format=api", "purl": "pkg:composer/drupal/drupal@8.1.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/157702?format=api", "purl": "pkg:composer/drupal/drupal@8.2.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/24100?format=api", "purl": "pkg:composer/drupal/drupal@8.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/24101?format=api", "purl": "pkg:composer/drupal/drupal@8.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-yare-57j9-j7cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.1" } ], "aliases": [ "CVE-2017-6919", "GHSA-6hpj-9xj7-2jxx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y74s-ghyc-2bhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8834?format=api", "vulnerability_id": "VCID-yare-57j9-j7cs", "summary": "URL Redirection to Untrusted Site (Open Redirect)\nDrupal core has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6932", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.595", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59614", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59634", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.5965", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59631", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59618", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59567", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59598", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59573", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6932.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6932.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6932.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6932.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6932", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6932" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4123", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4123" }, { "reference_url": "https://www.drupal.org/sa-core-2018-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-001" }, { "reference_url": "https://www.drupal.org/SA-CORE-2018-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2018-001" }, { "reference_url": "https://github.com/advisories/GHSA-wm86-w3cf-h6vm", "reference_id": "GHSA-wm86-w3cf-h6vm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wm86-w3cf-h6vm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26565?format=api", "purl": "pkg:composer/drupal/drupal@8.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5" } ], "aliases": [ "CVE-2017-6932", "GHSA-wm86-w3cf-h6vm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yare-57j9-j7cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10234?format=api", "vulnerability_id": "VCID-ymka-jfep-87gt", "summary": "Missing Authorization\nWhen creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view. It is best practice to always include some form of access restrictions on all views, even if you are using another module to display them.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6923", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72279", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72326", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72338", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72354", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72331", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72319", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.7228", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72304", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72285", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6923" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6923.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6923.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6923.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6923.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6923", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6923" }, { "reference_url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple" }, { "reference_url": "https://www.drupal.org/SA-CORE-2017-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2017-004" }, { "reference_url": "http://www.securityfocus.com/bid/100368", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/100368" }, { "reference_url": "http://www.securitytracker.com/id/1039200", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1039200" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-v3f6-f29f-rgvp", "reference_id": "GHSA-v3f6-f29f-rgvp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v3f6-f29f-rgvp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24099?format=api", "purl": "pkg:composer/drupal/drupal@8.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/78755?format=api", "purl": "pkg:composer/drupal/drupal@8.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-yare-57j9-j7cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.7" } ], "aliases": [ "CVE-2017-6923", "GHSA-v3f6-f29f-rgvp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ymka-jfep-87gt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7557?format=api", "vulnerability_id": "VCID-yrzt-3m97-53ce", "summary": "Unprivileged access to taxonomy terms\nModules wishing to restrict access to taxonomy terms may be incompatible with queries generated both by Drupal core as well as those generated by contributed modules like Entity Reference. As a result, information on taxonomy terms may be disclosed to unprivileged users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9449", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44037", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44011", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44027", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44045", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.4406", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.43989", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44042", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.43991", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9451", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9451" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9449.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9449.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9449.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9449.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9449", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9449" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-005" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3718", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3718" }, { "reference_url": "http://www.securityfocus.com/bid/94367", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/94367" }, { "reference_url": "https://security.archlinux.org/ASA-201611-20", "reference_id": "ASA-201611-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-20" }, { "reference_url": "https://security.archlinux.org/AVG-74", "reference_id": "AVG-74", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-74" }, { "reference_url": "https://github.com/advisories/GHSA-p745-347h-hjfw", "reference_id": "GHSA-p745-347h-hjfw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p745-347h-hjfw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23298?format=api", "purl": "pkg:composer/drupal/drupal@8.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.3" } ], "aliases": [ "CVE-2016-9449", "GHSA-p745-347h-hjfw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yrzt-3m97-53ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7514?format=api", "vulnerability_id": "VCID-yty5-zn46-r3dj", "summary": "Unprivileged access to \"Administer comments\"\nUsers who have rights to edit a node can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7570", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57006", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57143", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57164", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57152", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.5715", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57099", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57123", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.571", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7570" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7570.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7570.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7570.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7570.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7570", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7570" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-004" }, { "reference_url": "http://www.securityfocus.com/bid/93101", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/93101" }, { "reference_url": "http://www.securitytracker.com/id/1036886", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1036886" }, { "reference_url": "https://github.com/advisories/GHSA-6g9h-6v79-w4pc", "reference_id": "GHSA-6g9h-6v79-w4pc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6g9h-6v79-w4pc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23190?format=api", "purl": "pkg:composer/drupal/drupal@8.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.10" } ], "aliases": [ "CVE-2016-7570", "GHSA-6g9h-6v79-w4pc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yty5-zn46-r3dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7442?format=api", "vulnerability_id": "VCID-zawz-vky5-tkgt", "summary": "Improper Access Control\nPHP does not attempt to address RFC section namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the `HTTP_PROXY` environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an `httpoxy` issue.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1609.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-1609.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1610.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-1610.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1611.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-1611.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1612.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-1612.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1613.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-1613.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5385.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5385.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5385", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.81346", "scoring_system": "epss", "scoring_elements": "0.99162", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.81346", "scoring_system": "epss", "scoring_elements": "0.9917", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.81346", "scoring_system": "epss", "scoring_elements": "0.99168", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.81346", "scoring_system": "epss", "scoring_elements": "0.99169", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.81346", "scoring_system": "epss", "scoring_elements": "0.99163", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.81346", "scoring_system": "epss", "scoring_elements": "0.99165", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5385" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5399", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6289", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6289" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6292", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6292" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6294", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6294" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6295", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6295" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6297" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/amphp/artax/commit/81254742812a5a9adf4b085f543f3f21daedcd97", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/amphp/artax/commit/81254742812a5a9adf4b085f543f3f21daedcd97" }, { "reference_url": "https://github.com/amphp/artax/commit/b60cf493c9e577a3678865f620b1eb61ab3d7ca9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/amphp/artax/commit/b60cf493c9e577a3678865f620b1eb61ab3d7ca9" }, { "reference_url": "https://github.com/bugsnag/bugsnag-laravel/pull/143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/bugsnag/bugsnag-laravel/pull/143" }, { "reference_url": "https://github.com/bugsnag/bugsnag-laravel/pull/145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/bugsnag/bugsnag-laravel/pull/145" }, { "reference_url": "https://github.com/bugsnag/bugsnag-laravel/releases/tag/v2.0.2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/bugsnag/bugsnag-laravel/releases/tag/v2.0.2" }, { "reference_url": "https://github.com/guzzle/guzzle/blob/4.x/CHANGELOG.md#424-2016-07-18", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/guzzle/guzzle/blob/4.x/CHANGELOG.md#424-2016-07-18" }, { "reference_url": "https://github.com/guzzle/guzzle/blob/5.3/CHANGELOG.md#531---2016-07-18", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/guzzle/guzzle/blob/5.3/CHANGELOG.md#531---2016-07-18" }, { "reference_url": "https://github.com/guzzle/guzzle/blob/master/CHANGELOG.md#622---2016-10-08", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/guzzle/guzzle/blob/master/CHANGELOG.md#622---2016-10-08" }, { "reference_url": "https://github.com/guzzle/guzzle/releases/tag/6.2.1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/guzzle/guzzle/releases/tag/6.2.1" }, { "reference_url": "https://github.com/humbug/file_get_contents/pull/23", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/humbug/file_get_contents/pull/23" }, { "reference_url": "https://github.com/humbug/file_get_contents/pull/23/commits/848e8c282a863654e76bd958acfb57c81cb739b5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/humbug/file_get_contents/pull/23/commits/848e8c282a863654e76bd958acfb57c81cb739b5" }, { "reference_url": "https://github.com/humbug/file_get_contents/releases/tag/1.1.2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/humbug/file_get_contents/releases/tag/1.1.2" }, { "reference_url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" }, { "reference_url": "https://httpoxy.org/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpoxy.org/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/" }, { "reference_url": "https://security.gentoo.org/glsa/201611-22", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201611-22" }, { "reference_url": "https://twitter.com/asyncphp/status/755136084917583872", "reference_id": "", "reference_type": "", "scores": [], "url": "https://twitter.com/asyncphp/status/755136084917583872" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2016-019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2016-019" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2016-003" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3631", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3631" }, { "reference_url": "http://www.kb.cert.org/vuls/id/797896", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.kb.cert.org/vuls/id/797896" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "reference_url": "http://www.securityfocus.com/bid/91821", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/91821" }, { "reference_url": "http://www.securitytracker.com/id/1036335", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1036335" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5385", "reference_id": "CVE-2016-5385", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5385" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/CVE-2016-5385.yaml", "reference_id": "CVE-2016-5385.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/CVE-2016-5385.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/bugsnag/bugsnag-laravel/CVE-2016-5385.yaml", "reference_id": "CVE-2016-5385.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/bugsnag/bugsnag-laravel/CVE-2016-5385.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-5385.yaml", "reference_id": "CVE-2016-5385.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-5385.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-5385.yaml", "reference_id": "CVE-2016-5385.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-5385.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2016-5385.yaml", "reference_id": "CVE-2016-5385.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2016-5385.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/padraic/humbug_get_contents/CVE-2016-5385.yaml", "reference_id": "CVE-2016-5385.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/padraic/humbug_get_contents/CVE-2016-5385.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2016-5385.yaml", "reference_id": "CVE-2016-5385.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2016-5385.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-m6ch-gg5f-wxx3", "reference_id": "GHSA-m6ch-gg5f-wxx3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6ch-gg5f-wxx3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1609", "reference_id": "RHSA-2016:1609", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1609" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1610", "reference_id": "RHSA-2016:1610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1610" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1611", "reference_id": "RHSA-2016:1611", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1611" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1612", "reference_id": "RHSA-2016:1612", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1612" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1613", "reference_id": "RHSA-2016:1613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1613" }, { "reference_url": "https://usn.ubuntu.com/3045-1/", "reference_id": "USN-3045-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3045-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22693?format=api", "purl": "pkg:composer/drupal/drupal@8.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zvtp-4we3-qygx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/143343?format=api", "purl": "pkg:composer/drupal/drupal@8.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zvtp-4we3-qygx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.7" } ], "aliases": [ "CVE-2016-5385", "GHSA-m6ch-gg5f-wxx3" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zawz-vky5-tkgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7517?format=api", "vulnerability_id": "VCID-zvtp-4we3-qygx", "summary": "Unprivileged access to config export\nThe `system.temporary` route allows the download of a full config export. The full config export should be limited to those with \"Export configuration\" permission.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7572", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48545", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48577", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48564", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48591", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48568", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.4851", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.4857", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48574", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.4852", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7572" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7572.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7572.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7572.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7572.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7572", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7572" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-004" }, { "reference_url": "http://www.securityfocus.com/bid/93101", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/93101" }, { "reference_url": "http://www.securitytracker.com/id/1036886", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1036886" }, { "reference_url": "https://github.com/advisories/GHSA-fmqh-2j2x-vgp3", "reference_id": "GHSA-fmqh-2j2x-vgp3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fmqh-2j2x-vgp3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23190?format=api", "purl": "pkg:composer/drupal/drupal@8.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.10" } ], "aliases": [ "CVE-2016-7572", "GHSA-fmqh-2j2x-vgp3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zvtp-4we3-qygx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7502?format=api", "vulnerability_id": "VCID-zxqc-67jp-uba7", "summary": "Saving user accounts can sometimes grant the user all roles\nThe User module in Drupal allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6211", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.7825", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.78299", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.78304", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.78321", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.78295", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.78289", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.78263", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.78281", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.78242", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6211" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-6211.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-6211.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-6211.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-6211.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6211", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6211" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-002" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3604", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3604" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/07/13/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/07/13/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/07/13/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/07/13/7" }, { "reference_url": "http://www.securityfocus.com/bid/91230", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/91230" }, { "reference_url": "https://github.com/advisories/GHSA-frqf-9qr4-6vxf", "reference_id": "GHSA-frqf-9qr4-6vxf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-frqf-9qr4-6vxf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22693?format=api", "purl": "pkg:composer/drupal/drupal@8.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zvtp-4we3-qygx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.0" } ], "aliases": [ "CVE-2016-6211", "GHSA-frqf-9qr4-6vxf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxqc-67jp-uba7" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32449?format=api", "vulnerability_id": "VCID-5618-53yg-8qh4", "summary": "Potential XSS vulnerability in jQuery\n### Impact\nPassing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code.\n\n### Patches\nThis problem is patched in jQuery 3.5.0.\n\n### Workarounds\nTo workaround the issue without upgrading, adding the following to your code:\n\n```js\njQuery.htmlPrefilter = function( html ) {\n\treturn html;\n};\n```\n\nYou need to use at least jQuery 1.12/2.2 or newer to be able to apply this workaround.\n\n### References\nhttps://blog.jquery.com/2020/04/10/jquery-3-5-0-released/\nhttps://jquery.com/upgrade-guide/3.5/\n\n### For more information\nIf you have any questions or comments about this advisory, search for a relevant issue in [the jQuery repo](https://github.com/jquery/jquery/issues). If you don't find an answer, open a new issue.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html" }, { "reference_url": "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11022.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11022.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02136", "scoring_system": "epss", "scoring_elements": "0.84198", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02136", "scoring_system": "epss", "scoring_elements": "0.84185", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02136", "scoring_system": "epss", "scoring_elements": "0.84179", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02136", "scoring_system": "epss", "scoring_elements": "0.84157", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02136", "scoring_system": "epss", "scoring_elements": "0.84155", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02136", "scoring_system": "epss", "scoring_elements": "0.84203", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02136", "scoring_system": "epss", "scoring_elements": "0.84194", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03251", "scoring_system": "epss", "scoring_elements": "0.87068", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03251", "scoring_system": "epss", "scoring_elements": "0.87079", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11022" }, { "reference_url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released" }, { "reference_url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13662" }, { "reference_url": "http://security.netapp.com/advisory/ntap-20200511-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://security.netapp.com/advisory/ntap-20200511-0006" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2" }, { "reference_url": "https://github.com/jquery/jquery", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery" }, { "reference_url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77" }, { "reference_url": "https://github.com/jquery/jquery/releases/tag/3.5.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery/releases/tag/3.5.0" }, { "reference_url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2" }, { "reference_url": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc" }, { "reference_url": "https://github.com/maximebf/php-debugbar/issues/447", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/maximebf/php-debugbar/issues/447" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml" }, { "reference_url": "https://jquery.com/upgrade-guide/3.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jquery.com/upgrade-guide/3.5" }, { "reference_url": "https://jquery.com/upgrade-guide/3.5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jquery.com/upgrade-guide/3.5/" }, { "reference_url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W" }, { "reference_url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html" }, { "reference_url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html" }, { "reference_url": "https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022" }, { "reference_url": "https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html" }, { "reference_url": "https://security.gentoo.org/glsa/202007-03", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202007-03" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200511-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200511-0006" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4693", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4693" }, { "reference_url": "https://www.drupal.org/sa-core-2020-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2020-002" }, { "reference_url": "https://www.npmjs.com/advisories/1518", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1518" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://www.tenable.com/security/tns-2020-10", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.tenable.com/security/tns-2020-10" }, { "reference_url": "https://www.tenable.com/security/tns-2020-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.tenable.com/security/tns-2020-11" }, { "reference_url": "https://www.tenable.com/security/tns-2021-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.tenable.com/security/tns-2021-02" }, { "reference_url": "https://www.tenable.com/security/tns-2021-10", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.tenable.com/security/tns-2021-10" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", "reference_id": "1828406", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49766.txt", "reference_id": "CVE-2020-11022", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49766.txt" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2217", "reference_id": "RHSA-2020:2217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2362", "reference_id": "RHSA-2020:2362", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2362" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2412", "reference_id": "RHSA-2020:2412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2813", "reference_id": "RHSA-2020:2813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3247", "reference_id": "RHSA-2020:3247", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3247" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3807", "reference_id": "RHSA-2020:3807", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3807" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3936", "reference_id": "RHSA-2020:3936", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3936" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4211", "reference_id": "RHSA-2020:4211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4211" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4298", "reference_id": "RHSA-2020:4298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4670", "reference_id": "RHSA-2020:4670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4847", "reference_id": "RHSA-2020:4847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5249", "reference_id": "RHSA-2020:5249", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5249" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0778", "reference_id": "RHSA-2021:0778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6393", "reference_id": "RHSA-2022:6393", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6393" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0552", "reference_id": "RHSA-2023:0552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0553", "reference_id": "RHSA-2023:0553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0554", "reference_id": "RHSA-2023:0554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0554" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0556", "reference_id": "RHSA-2023:0556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0556" }, { "reference_url": "https://usn.ubuntu.com/7246-1/", "reference_id": "USN-7246-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7246-1/" }, { "reference_url": "https://usn.ubuntu.com/7622-1/", "reference_id": "USN-7622-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7622-1/" }, { "reference_url": "https://usn.ubuntu.com/7658-1/", "reference_id": "USN-7658-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7658-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22063?format=api", "purl": "pkg:composer/drupal/drupal@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-2ctt-zm9j-17bx" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-53h1-sj47-gugn" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-9wt5-xe6d-n3cb" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-en3b-g3f3-a3e3" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-h6yp-zj5e-zkbm" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mt37-qzh7-gyfv" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s8u8-xbdk-87dj" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-tk6t-srar-h7a8" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-u5wt-ndvn-3ffg" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-we42-mkyk-hfer" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-xumx-m3zz-jkh6" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/263705?format=api", "purl": "pkg:composer/drupal/drupal@8.7.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/201535?format=api", "purl": "pkg:composer/drupal/drupal@8.8.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/222408?format=api", "purl": "pkg:composer/drupal/drupal@8.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mhk6-9qdy-83f3" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/205316?format=api", "purl": "pkg:composer/drupal/drupal@8.9.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.0-beta1" } ], "aliases": [ "CVE-2020-11022", "GHSA-gxr4-xjj5-5px2" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5618-53yg-8qh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52062?format=api", "vulnerability_id": "VCID-8b29-85h4-zkhc", "summary": "Drupal SQL Injection vulnerability\nAn SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69882", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.6982", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69833", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69848", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69825", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69873", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69889", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69911", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69896", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2715" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2715", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2715" }, { "reference_url": "https://www.drupal.org/node/1056470", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/node/1056470" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2011/07/26/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2011/07/26/8" }, { "reference_url": "https://github.com/advisories/GHSA-hcq9-hmgf-6qr9", "reference_id": "GHSA-hcq9-hmgf-6qr9", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hcq9-hmgf-6qr9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22063?format=api", "purl": "pkg:composer/drupal/drupal@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-2ctt-zm9j-17bx" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-53h1-sj47-gugn" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-9wt5-xe6d-n3cb" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-en3b-g3f3-a3e3" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-h6yp-zj5e-zkbm" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mt37-qzh7-gyfv" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s8u8-xbdk-87dj" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-tk6t-srar-h7a8" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-u5wt-ndvn-3ffg" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-we42-mkyk-hfer" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-xumx-m3zz-jkh6" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.0" } ], "aliases": [ "CVE-2011-2715", "GHSA-hcq9-hmgf-6qr9" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8b29-85h4-zkhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11440?format=api", "vulnerability_id": "VCID-btgv-ef3h-83d3", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\njQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41182.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41182.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41182", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.24078", "scoring_system": "epss", "scoring_elements": "0.9606", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.24078", "scoring_system": "epss", "scoring_elements": "0.96023", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.24078", "scoring_system": "epss", "scoring_elements": "0.96042", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.24078", "scoring_system": "epss", "scoring_elements": "0.96037", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.24078", "scoring_system": "epss", "scoring_elements": "0.96052", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.24078", "scoring_system": "epss", "scoring_elements": "0.9603", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.24078", "scoring_system": "epss", "scoring_elements": "0.96058", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.24078", "scoring_system": "epss", "scoring_elements": "0.96055", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41182" }, { "reference_url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released" }, { "reference_url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41182", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41182" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/jquery/jquery-ui", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery-ui" }, { "reference_url": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ui-rails/CVE-2021-41182.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ui-rails/CVE-2021-41182.yml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211118-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20211118-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211118-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20211118-0004/" }, { "reference_url": "https://www.drupal.org/sa-contrib-2022-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-contrib-2022-004" }, { "reference_url": "https://www.drupal.org/sa-core-2022-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2022-002" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.tenable.com/security/tns-2022-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.tenable.com/security/tns-2022-09" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019144", "reference_id": "2019144", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019144" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41182", "reference_id": "CVE-2021-41182", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41182" }, { "reference_url": "https://github.com/advisories/GHSA-9gj3-hwp5-pmwc", "reference_id": "GHSA-9gj3-hwp5-pmwc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9gj3-hwp5-pmwc" }, { "reference_url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc", "reference_id": "GHSA-9gj3-hwp5-pmwc", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4711", "reference_id": "RHSA-2022:4711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4711" }, { "reference_url": "https://usn.ubuntu.com/6419-1/", "reference_id": "USN-6419-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6419-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22063?format=api", "purl": "pkg:composer/drupal/drupal@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-2ctt-zm9j-17bx" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-53h1-sj47-gugn" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-9wt5-xe6d-n3cb" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-en3b-g3f3-a3e3" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-h6yp-zj5e-zkbm" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mt37-qzh7-gyfv" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s8u8-xbdk-87dj" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-tk6t-srar-h7a8" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-u5wt-ndvn-3ffg" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-we42-mkyk-hfer" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-xumx-m3zz-jkh6" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.0" } ], "aliases": [ "CVE-2021-41182", "GHSA-9gj3-hwp5-pmwc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-btgv-ef3h-83d3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32455?format=api", "vulnerability_id": "VCID-cvxp-ctj9-guej", "summary": "Potential XSS vulnerability in jQuery\n### Impact\nPassing HTML containing `<option>` elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code.\n\n### Patches\nThis problem is patched in jQuery 3.5.0.\n\n### Workarounds\nTo workaround this issue without upgrading, use [DOMPurify](https://github.com/cure53/DOMPurify) with its `SAFE_FOR_JQUERY` option to sanitize the HTML string before passing it to a jQuery method.\n\n### References\nhttps://blog.jquery.com/2020/04/10/jquery-3-5-0-released/\n\n### For more information\nIf you have any questions or comments about this advisory, search for a relevant issue in [the jQuery repo](https://github.com/jquery/jquery/issues). If you don't find an answer, open a new issue.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html" }, { "reference_url": "http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11023.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11023.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.36278", "scoring_system": "epss", "scoring_elements": "0.97107", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.36278", "scoring_system": "epss", "scoring_elements": "0.97105", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.36278", "scoring_system": "epss", "scoring_elements": "0.97091", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.36278", "scoring_system": "epss", "scoring_elements": "0.97101", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.36278", "scoring_system": "epss", "scoring_elements": "0.97106", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.36278", "scoring_system": "epss", "scoring_elements": "0.9709", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.36851", "scoring_system": "epss", "scoring_elements": "0.97117", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.36851", "scoring_system": "epss", "scoring_elements": "0.97125", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11023" }, { "reference_url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13662" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json#L20-L37", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json#L20-L37" }, { "reference_url": "https://github.com/jquery/jquery", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery" }, { "reference_url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77" }, { "reference_url": "https://github.com/jquery/jquery/releases/tag/3.5.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery/releases/tag/3.5.0" }, { "reference_url": "https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6" }, { "reference_url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#410", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#410" }, { "reference_url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440" }, { "reference_url": "https://github.com/rails/jquery-rails/blob/v4.3.5/vendor/assets/javascripts/jquery3.js#L5979", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/jquery-rails/blob/v4.3.5/vendor/assets/javascripts/jquery3.js#L5979" }, { "reference_url": "https://github.com/rails/jquery-rails/blob/v4.4.0/vendor/assets/javascripts/jquery3.js#L6162", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/jquery-rails/blob/v4.4.0/vendor/assets/javascripts/jquery3.js#L6162" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11023.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11023.yml" }, { "reference_url": "https://jquery.com/upgrade-guide/3.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jquery.com/upgrade-guide/3.5" }, { "reference_url": "https://jquery.com/upgrade-guide/3.5/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://jquery.com/upgrade-guide/3.5/" }, { "reference_url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3Ccommits.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3Ccommits.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3Ccommits.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3Ccommits.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3Cdev.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3Cdev.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023" }, { "reference_url": "https://security.gentoo.org/glsa/202007-03", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://security.gentoo.org/glsa/202007-03" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200511-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200511-0006" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230725-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230725-0003" }, { "reference_url": "https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-565440", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-565440" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-JQUERY-565129", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-565129" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11023", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11023" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4693", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.debian.org/security/2020/dsa-4693" }, { "reference_url": "https://www.drupal.org/sa-core-2020-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.drupal.org/sa-core-2020-002" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://www.tenable.com/security/tns-2021-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.tenable.com/security/tns-2021-02" }, { "reference_url": "https://www.tenable.com/security/tns-2021-10", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://www.tenable.com/security/tns-2021-10" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", "reference_id": "1850004", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/", "reference_id": "AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49767.txt", "reference_id": "CVE-2020-11023", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49767.txt" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-23064.yml", "reference_id": "CVE-2020-23064.YML", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-23064.yml" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200511-0006/", "reference_id": "ntap-20200511-0006", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20200511-0006/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/", "reference_id": "QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2412", "reference_id": "RHSA-2020:2412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2813", "reference_id": "RHSA-2020:2813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3247", "reference_id": "RHSA-2020:3247", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3247" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3369", "reference_id": "RHSA-2020:3369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3807", "reference_id": "RHSA-2020:3807", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3807" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4211", "reference_id": "RHSA-2020:4211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4211" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4298", "reference_id": "RHSA-2020:4298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4847", "reference_id": "RHSA-2020:4847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5249", "reference_id": "RHSA-2020:5249", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5249" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5412", "reference_id": "RHSA-2020:5412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0778", "reference_id": "RHSA-2021:0778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0851", "reference_id": "RHSA-2021:0851", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0851" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0860", "reference_id": "RHSA-2021:0860", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1846", "reference_id": "RHSA-2021:1846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4142", "reference_id": "RHSA-2021:4142", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6393", "reference_id": "RHSA-2022:6393", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6393" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7343", "reference_id": "RHSA-2022:7343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0552", "reference_id": "RHSA-2023:0552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0553", "reference_id": "RHSA-2023:0553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0554", "reference_id": "RHSA-2023:0554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0554" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0556", "reference_id": "RHSA-2023:0556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1070", "reference_id": "RHSA-2025:1070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1185", "reference_id": "RHSA-2025:1185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1209", "reference_id": "RHSA-2025:1209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1210", "reference_id": "RHSA-2025:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1211", "reference_id": "RHSA-2025:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1211" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1212", "reference_id": "RHSA-2025:1212", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1212" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1213", "reference_id": "RHSA-2025:1213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1214", "reference_id": "RHSA-2025:1214", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1214" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1215", "reference_id": "RHSA-2025:1215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1216", "reference_id": "RHSA-2025:1216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1217", "reference_id": "RHSA-2025:1217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1247", "reference_id": "RHSA-2025:1247", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1247" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1255", "reference_id": "RHSA-2025:1255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1256", "reference_id": "RHSA-2025:1256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1300", "reference_id": "RHSA-2025:1300", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1300" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1301", "reference_id": "RHSA-2025:1301", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1301" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1303", "reference_id": "RHSA-2025:1303", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1303" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1304", "reference_id": "RHSA-2025:1304", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1304" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1305", "reference_id": "RHSA-2025:1305", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1305" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1306", "reference_id": "RHSA-2025:1306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1306" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1308", "reference_id": "RHSA-2025:1308", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1309", "reference_id": "RHSA-2025:1309", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1310", "reference_id": "RHSA-2025:1310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1311", "reference_id": "RHSA-2025:1311", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1311" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1312", "reference_id": "RHSA-2025:1312", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1312" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1314", "reference_id": "RHSA-2025:1314", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1315", "reference_id": "RHSA-2025:1315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1329", "reference_id": "RHSA-2025:1329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1329" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1338", "reference_id": "RHSA-2025:1338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1342", "reference_id": "RHSA-2025:1342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1346", "reference_id": "RHSA-2025:1346", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1346" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1514", "reference_id": "RHSA-2025:1514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1515", "reference_id": "RHSA-2025:1515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1580", "reference_id": "RHSA-2025:1580", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1580" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1601", "reference_id": "RHSA-2025:1601", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1601" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1983", "reference_id": "RHSA-2025:1983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2426", "reference_id": "RHSA-2025:2426", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2426" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/", "reference_id": "SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/", "reference_id": "SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/" }, { "reference_url": "https://usn.ubuntu.com/7246-1/", "reference_id": "USN-7246-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7246-1/" }, { "reference_url": "https://usn.ubuntu.com/7622-1/", "reference_id": "USN-7622-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7622-1/" }, { "reference_url": "https://usn.ubuntu.com/7658-1/", "reference_id": "USN-7658-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7658-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22063?format=api", "purl": "pkg:composer/drupal/drupal@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-2ctt-zm9j-17bx" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-53h1-sj47-gugn" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-9wt5-xe6d-n3cb" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-en3b-g3f3-a3e3" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-h6yp-zj5e-zkbm" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mt37-qzh7-gyfv" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s8u8-xbdk-87dj" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-tk6t-srar-h7a8" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-u5wt-ndvn-3ffg" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-we42-mkyk-hfer" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-xumx-m3zz-jkh6" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/263705?format=api", "purl": "pkg:composer/drupal/drupal@8.7.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/201535?format=api", "purl": "pkg:composer/drupal/drupal@8.8.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/222408?format=api", "purl": "pkg:composer/drupal/drupal@8.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gbz5-5frj-hber" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mhk6-9qdy-83f3" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-v9v6-ae3e-g3hk" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/205316?format=api", "purl": "pkg:composer/drupal/drupal@8.9.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.0-beta1" } ], "aliases": [ "CVE-2020-11023", "GHSA-jpcq-cgw6-v4j6" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cvxp-ctj9-guej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10488?format=api", "vulnerability_id": "VCID-djgn-ezxp-37eu", "summary": "Cross-site Scripting\nUnder certain circumstances the File `module/subsystem` allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6341", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.9764", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.97655", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.97652", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.9765", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.97648", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.97644", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.97642", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.46484", "scoring_system": "epss", "scoring_elements": "0.97634", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6341" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6341", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6341" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6341.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6341.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6341.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6341.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00003.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/" }, { "reference_url": "https://www.drupal.org/sa-core-2019-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-004" }, { "reference_url": "https://www.drupal.org/SA-CORE-2019-004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2019-004" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_13", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_13" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6341", "reference_id": "CVE-2019-6341", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6341" }, { "reference_url": "https://github.com/advisories/GHSA-cmmh-8mwp-gq5p", "reference_id": "GHSA-cmmh-8mwp-gq5p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cmmh-8mwp-gq5p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84347?format=api", "purl": "pkg:composer/drupal/drupal@7.65.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@7.65.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/22063?format=api", "purl": "pkg:composer/drupal/drupal@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-2ctt-zm9j-17bx" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-53h1-sj47-gugn" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-9wt5-xe6d-n3cb" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-en3b-g3f3-a3e3" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-h6yp-zj5e-zkbm" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mt37-qzh7-gyfv" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s8u8-xbdk-87dj" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-tk6t-srar-h7a8" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-u5wt-ndvn-3ffg" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-we42-mkyk-hfer" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-xumx-m3zz-jkh6" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/35606?format=api", "purl": "pkg:composer/drupal/drupal@8.5.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/35607?format=api", "purl": "pkg:composer/drupal/drupal@8.6.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.13" } ], "aliases": [ "CVE-2019-6341", "GHSA-cmmh-8mwp-gq5p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-djgn-ezxp-37eu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11441?format=api", "vulnerability_id": "VCID-gypk-ukbc-7qe3", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\njQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41183.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02921", "scoring_system": "epss", "scoring_elements": "0.86393", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02921", "scoring_system": "epss", "scoring_elements": "0.86387", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02921", "scoring_system": "epss", "scoring_elements": "0.86377", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02921", "scoring_system": "epss", "scoring_elements": "0.86328", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02921", "scoring_system": "epss", "scoring_elements": "0.86339", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02921", "scoring_system": "epss", "scoring_elements": "0.86357", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02921", "scoring_system": "epss", "scoring_elements": "0.86399", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02921", "scoring_system": "epss", "scoring_elements": "0.864", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02921", "scoring_system": "epss", "scoring_elements": "0.86358", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41183" }, { "reference_url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released" }, { "reference_url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/" }, { "reference_url": "https://bugs.jqueryui.com/ticket/15284", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.jqueryui.com/ticket/15284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41183", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41183" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/jquery/jquery-ui", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery-ui" }, { "reference_url": "https://github.com/jquery/jquery-ui/pull/1953", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery-ui/pull/1953" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211118-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20211118-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211118-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20211118-0004/" }, { "reference_url": "https://www.drupal.org/sa-contrib-2022-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-contrib-2022-004" }, { "reference_url": "https://www.drupal.org/sa-core-2022-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2022-001" }, { "reference_url": "https://www.drupal.org/sa-core-2022-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2022-002" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.tenable.com/security/tns-2022-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.tenable.com/security/tns-2022-09" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019148", "reference_id": "2019148", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019148" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41183", "reference_id": "CVE-2021-41183", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41183" }, { "reference_url": "https://github.com/advisories/GHSA-j7qv-pgf6-hvh4", "reference_id": "GHSA-j7qv-pgf6-hvh4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j7qv-pgf6-hvh4" }, { "reference_url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4", "reference_id": "GHSA-j7qv-pgf6-hvh4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4711", "reference_id": "RHSA-2022:4711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4711" }, { "reference_url": "https://usn.ubuntu.com/6419-1/", "reference_id": "USN-6419-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6419-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22063?format=api", "purl": "pkg:composer/drupal/drupal@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-2ctt-zm9j-17bx" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-53h1-sj47-gugn" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-9wt5-xe6d-n3cb" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-en3b-g3f3-a3e3" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-h6yp-zj5e-zkbm" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mt37-qzh7-gyfv" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s8u8-xbdk-87dj" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-tk6t-srar-h7a8" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-u5wt-ndvn-3ffg" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-we42-mkyk-hfer" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-xumx-m3zz-jkh6" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.0" } ], "aliases": [ "CVE-2021-41183", "GHSA-j7qv-pgf6-hvh4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gypk-ukbc-7qe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11439?format=api", "vulnerability_id": "VCID-sbmj-9trz-2ybf", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\njQuery-UI is the official jQuery user interface library.Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41184.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41184.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41184", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.25367", "scoring_system": "epss", "scoring_elements": "0.96208", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.25367", "scoring_system": "epss", "scoring_elements": "0.96206", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.25367", "scoring_system": "epss", "scoring_elements": "0.96207", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.25367", "scoring_system": "epss", "scoring_elements": "0.96171", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.25367", "scoring_system": "epss", "scoring_elements": "0.96199", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.25367", "scoring_system": "epss", "scoring_elements": "0.9619", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.25367", "scoring_system": "epss", "scoring_elements": "0.96186", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.25367", "scoring_system": "epss", "scoring_elements": "0.96179", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.25367", "scoring_system": "epss", "scoring_elements": "0.96202", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41184" }, { "reference_url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released" }, { "reference_url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41184", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41184" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Aug/37", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2024/Aug/37" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/jquery/jquery-ui", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery-ui" }, { "reference_url": "https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211118-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20211118-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211118-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20211118-0004/" }, { "reference_url": "https://www.drupal.org/sa-core-2022-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2022-001" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.tenable.com/security/tns-2022-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.tenable.com/security/tns-2022-09" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019153", "reference_id": "2019153", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019153" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41184", "reference_id": "CVE-2021-41184", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41184" }, { "reference_url": "https://github.com/advisories/GHSA-gpqq-952q-5327", "reference_id": "GHSA-gpqq-952q-5327", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gpqq-952q-5327" }, { "reference_url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327", "reference_id": "GHSA-gpqq-952q-5327", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4711", "reference_id": "RHSA-2022:4711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4711" }, { "reference_url": "https://usn.ubuntu.com/6419-1/", "reference_id": "USN-6419-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6419-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5181-1/", "reference_id": "USN-USN-5181-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5181-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22063?format=api", "purl": "pkg:composer/drupal/drupal@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-2ctt-zm9j-17bx" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-53h1-sj47-gugn" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-9wt5-xe6d-n3cb" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-en3b-g3f3-a3e3" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-h6yp-zj5e-zkbm" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mt37-qzh7-gyfv" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s8u8-xbdk-87dj" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-tk6t-srar-h7a8" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-u5wt-ndvn-3ffg" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-we42-mkyk-hfer" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-xumx-m3zz-jkh6" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.0" } ], "aliases": [ "CVE-2021-41184", "GHSA-gpqq-952q-5327" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sbmj-9trz-2ybf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52051?format=api", "vulnerability_id": "VCID-t5xa-hsz5-mbh5", "summary": "Drupal Cross-Site Scripting vulnerability\nA Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2714", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67062", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67134", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67165", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67179", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.6716", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67147", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67097", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67123", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67099", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2714" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2714", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2714" }, { "reference_url": "https://seclists.org/fulldisclosure/2011/Feb/219", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/fulldisclosure/2011/Feb/219" }, { "reference_url": "https://www.drupal.org/node/1056470", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/node/1056470" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2011/07/26/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2011/07/26/8" }, { "reference_url": "https://github.com/advisories/GHSA-qp8q-gwf5-hqh2", "reference_id": "GHSA-qp8q-gwf5-hqh2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qp8q-gwf5-hqh2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22063?format=api", "purl": "pkg:composer/drupal/drupal@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-2ctt-zm9j-17bx" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-53h1-sj47-gugn" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-9wt5-xe6d-n3cb" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-en3b-g3f3-a3e3" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-h6yp-zj5e-zkbm" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mt37-qzh7-gyfv" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s8u8-xbdk-87dj" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-tk6t-srar-h7a8" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-u5wt-ndvn-3ffg" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-we42-mkyk-hfer" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-xumx-m3zz-jkh6" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.0" } ], "aliases": [ "CVE-2011-2714", "GHSA-qp8q-gwf5-hqh2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t5xa-hsz5-mbh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12929?format=api", "vulnerability_id": "VCID-zw3u-6ue7-efdf", "summary": "Improper Input Validation\nDrupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25271", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57855", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57829", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.5785", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57872", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57804", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57825", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57799", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57854", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25271" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/" }, { "reference_url": "https://www.drupal.org/sa-core-2022-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2022-003" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25271", "reference_id": "CVE-2022-25271", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25271" }, { "reference_url": "https://github.com/advisories/GHSA-fmfv-x8mp-5767", "reference_id": "GHSA-fmfv-x8mp-5767", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fmfv-x8mp-5767" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22063?format=api", "purl": "pkg:composer/drupal/drupal@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-2ctt-zm9j-17bx" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-381m-cmnk-ykef" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-4wwt-vt76-dbe1" }, { "vulnerability": "VCID-53h1-sj47-gugn" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-9wt5-xe6d-n3cb" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-en3b-g3f3-a3e3" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-h6yp-zj5e-zkbm" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-mt37-qzh7-gyfv" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s8u8-xbdk-87dj" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-ssyn-dxp9-3kdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-tk6t-srar-h7a8" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-u5wt-ndvn-3ffg" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-we42-mkyk-hfer" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-xumx-m3zz-jkh6" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" }, { "vulnerability": "VCID-yty5-zn46-r3dj" }, { "vulnerability": "VCID-zawz-vky5-tkgt" }, { "vulnerability": "VCID-zvtp-4we3-qygx" }, { "vulnerability": "VCID-zxqc-67jp-uba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/284128?format=api", "purl": "pkg:composer/drupal/drupal@9.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.2.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/284134?format=api", "purl": "pkg:composer/drupal/drupal@9.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-1qgc-gjdn-9fhk" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.6" } ], "aliases": [ "CVE-2022-25271", "GHSA-fmfv-x8mp-5767" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zw3u-6ue7-efdf" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.0" }