Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/52626?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/52626?format=api", "purl": "pkg:composer/drupal/core@7.0.0", "type": "composer", "namespace": "drupal", "name": "core", "version": "7.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "7.58.0", "latest_non_vulnerable_version": "11.2.8", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42433?format=api", "vulnerability_id": "VCID-2g67-a42m-qfbh", "summary": "Improper Input Validation\nDrupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2022-003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2022-003" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25271", "reference_id": "CVE-2022-25271", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25271" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52630?format=api", "purl": "pkg:composer/drupal/core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2989-fmjz-nkby" }, { "vulnerability": "VCID-2fas-m6vh-myhc" }, { "vulnerability": "VCID-2t34-82p3-73c3" }, { "vulnerability": "VCID-31qy-vagp-83b6" }, { "vulnerability": "VCID-3xk4-qwaq-5yaj" }, { "vulnerability": "VCID-4dpp-gg2v-q3et" }, { "vulnerability": "VCID-56ze-2yw2-bfh8" }, { "vulnerability": "VCID-5c5c-m7ba-kqct" }, { "vulnerability": "VCID-7v89-2sss-hfaz" }, { "vulnerability": "VCID-9nk8-dban-g7h9" }, { "vulnerability": "VCID-a3s2-c4k2-4ufn" }, { "vulnerability": "VCID-a4u4-ga84-wyf9" }, { "vulnerability": "VCID-a7ss-tkb6-gkge" }, { "vulnerability": "VCID-ah3h-t9qa-gudr" }, { "vulnerability": "VCID-ard5-3cjv-1beu" }, { "vulnerability": "VCID-asm8-guag-b3ep" }, { "vulnerability": "VCID-avmn-kqky-83dd" }, { "vulnerability": "VCID-ay6b-1a7z-qkas" }, { "vulnerability": "VCID-bq2j-t19h-zyad" }, { "vulnerability": "VCID-dav9-pgdh-8yey" }, { "vulnerability": "VCID-dyhz-g3nv-yuc3" }, { "vulnerability": "VCID-e12q-qavs-qybu" }, { "vulnerability": "VCID-e8un-nbkk-cbf9" }, { "vulnerability": "VCID-egtv-y9w1-skgr" }, { "vulnerability": "VCID-jrhg-3271-tqdy" }, { "vulnerability": "VCID-kzrs-mrga-nyej" }, { "vulnerability": "VCID-mm13-6dhq-nqfb" }, { "vulnerability": "VCID-myja-t33q-q3cv" }, { "vulnerability": "VCID-nacy-y1qt-5yhb" }, { "vulnerability": "VCID-ng6g-hvc2-bkg4" }, { "vulnerability": "VCID-p54u-b18k-jyft" }, { "vulnerability": "VCID-pgnc-fq4m-3kaz" }, { "vulnerability": "VCID-pmmq-8s2m-h7dp" }, { "vulnerability": "VCID-pnme-dc73-efcb" }, { "vulnerability": "VCID-qsuc-53pg-zkda" }, { "vulnerability": "VCID-rd4g-h1j9-23cb" }, { "vulnerability": "VCID-rsc6-y1uv-6bfq" }, { "vulnerability": "VCID-t89y-c9hq-9bhk" }, { "vulnerability": "VCID-ta99-gcmk-2qc8" }, { "vulnerability": "VCID-tpzm-u3qp-akc8" }, { "vulnerability": "VCID-w4ks-ufnz-vfav" }, { "vulnerability": "VCID-wapd-e3mu-sffn" }, { "vulnerability": "VCID-wsv7-je8g-sqet" }, { "vulnerability": "VCID-wszp-2es5-z7fy" }, { "vulnerability": "VCID-x34m-u169-1bce" }, { "vulnerability": "VCID-y1nb-prqc-suaj" }, { "vulnerability": "VCID-yq4q-hydz-vuga" }, { "vulnerability": "VCID-yygb-pp11-5udj" }, { "vulnerability": "VCID-zqer-y4s4-hqhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/60697?format=api", "purl": "pkg:composer/drupal/core@9.2.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/60698?format=api", "purl": "pkg:composer/drupal/core@9.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-r1hd-d39y-syhj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.6" } ], "aliases": [ "CVE-2022-25271" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2g67-a42m-qfbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39448?format=api", "vulnerability_id": "VCID-6rtn-zphz-sydn", "summary": "Incorrect Permission Assignment for Critical Resource\nWhen using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations.", "references": [ { "reference_url": "https://www.debian.org/security/2018/dsa-4123", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4123" }, { "reference_url": "https://www.drupal.org/sa-core-2018-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-001" }, { "reference_url": "https://www.drupal.org/SA-CORE-2018-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2018-001" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6928", "reference_id": "CVE-2017-6928", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6928" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52630?format=api", "purl": "pkg:composer/drupal/core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2989-fmjz-nkby" }, { "vulnerability": "VCID-2fas-m6vh-myhc" }, { "vulnerability": "VCID-2t34-82p3-73c3" }, { "vulnerability": "VCID-31qy-vagp-83b6" }, { "vulnerability": "VCID-3xk4-qwaq-5yaj" }, { "vulnerability": "VCID-4dpp-gg2v-q3et" }, { "vulnerability": "VCID-56ze-2yw2-bfh8" }, { "vulnerability": "VCID-5c5c-m7ba-kqct" }, { "vulnerability": "VCID-7v89-2sss-hfaz" }, { "vulnerability": "VCID-9nk8-dban-g7h9" }, { "vulnerability": "VCID-a3s2-c4k2-4ufn" }, { "vulnerability": "VCID-a4u4-ga84-wyf9" }, { "vulnerability": "VCID-a7ss-tkb6-gkge" }, { "vulnerability": "VCID-ah3h-t9qa-gudr" }, { "vulnerability": "VCID-ard5-3cjv-1beu" }, { "vulnerability": "VCID-asm8-guag-b3ep" }, { "vulnerability": "VCID-avmn-kqky-83dd" }, { "vulnerability": "VCID-ay6b-1a7z-qkas" }, { "vulnerability": "VCID-bq2j-t19h-zyad" }, { "vulnerability": "VCID-dav9-pgdh-8yey" }, { "vulnerability": "VCID-dyhz-g3nv-yuc3" }, { "vulnerability": "VCID-e12q-qavs-qybu" }, { "vulnerability": "VCID-e8un-nbkk-cbf9" }, { "vulnerability": "VCID-egtv-y9w1-skgr" }, { "vulnerability": "VCID-jrhg-3271-tqdy" }, { "vulnerability": "VCID-kzrs-mrga-nyej" }, { "vulnerability": "VCID-mm13-6dhq-nqfb" }, { "vulnerability": "VCID-myja-t33q-q3cv" }, { "vulnerability": "VCID-nacy-y1qt-5yhb" }, { "vulnerability": "VCID-ng6g-hvc2-bkg4" }, { "vulnerability": "VCID-p54u-b18k-jyft" }, { "vulnerability": "VCID-pgnc-fq4m-3kaz" }, { "vulnerability": "VCID-pmmq-8s2m-h7dp" }, { "vulnerability": "VCID-pnme-dc73-efcb" }, { "vulnerability": "VCID-qsuc-53pg-zkda" }, { "vulnerability": "VCID-rd4g-h1j9-23cb" }, { "vulnerability": "VCID-rsc6-y1uv-6bfq" }, { "vulnerability": "VCID-t89y-c9hq-9bhk" }, { "vulnerability": "VCID-ta99-gcmk-2qc8" }, { "vulnerability": "VCID-tpzm-u3qp-akc8" }, { "vulnerability": "VCID-w4ks-ufnz-vfav" }, { "vulnerability": "VCID-wapd-e3mu-sffn" }, { "vulnerability": "VCID-wsv7-je8g-sqet" }, { "vulnerability": "VCID-wszp-2es5-z7fy" }, { "vulnerability": "VCID-x34m-u169-1bce" }, { "vulnerability": "VCID-y1nb-prqc-suaj" }, { "vulnerability": "VCID-yq4q-hydz-vuga" }, { "vulnerability": "VCID-yygb-pp11-5udj" }, { "vulnerability": "VCID-zqer-y4s4-hqhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0" } ], "aliases": [ "CVE-2017-6928" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6rtn-zphz-sydn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30634?format=api", "vulnerability_id": "VCID-84eq-cq89-9qhm", "summary": "Modification of Assumed-Immutable Data (MAID)\nPrototype pollution attack through jQuery $.extend", "references": [ { "reference_url": "https://access.redhat.com/errata/RHBA-2019:1570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHBA-2019:1570" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2587", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2587" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3024" }, { "reference_url": "https://backdropcms.org/security/backdrop-sa-core-2019-009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009" }, { "reference_url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released" }, { "reference_url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "reference_url": "https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f" }, { "reference_url": "https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829" }, { "reference_url": "https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad" }, { "reference_url": "https://github.com/jquery/jquery", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jquery/jquery" }, { "reference_url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" }, { "reference_url": "https://github.com/jquery/jquery/pull/4333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jquery/jquery/pull/4333" }, { "reference_url": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc" }, { "reference_url": "https://github.com/maximebf/php-debugbar/issues/447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/maximebf/php-debugbar/issues/447" }, { "reference_url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434" }, { "reference_url": "https://hackerone.com/reports/454365", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/454365" }, { "reference_url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601" }, { "reference_url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/32", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Apr/32" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://seclists.org/bugtraq/2019/May/18", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/May/18" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190919-0001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190919-0001" }, { "reference_url": "https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006" }, { "reference_url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1" }, { "reference_url": "https://web.archive.org/web/20190824065237/http://www.securityfocus.com/bid/108023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20190824065237/http://www.securityfocus.com/bid/108023" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4434", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4434" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/jun/03/security-releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/jun/03/security-releases" }, { "reference_url": "https://www.drupal.org/sa-core-2019-006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2019-006" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_19", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "reference_url": "https://www.tenable.com/security/tns-2019-08", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2019-08" }, { "reference_url": "https://www.tenable.com/security/tns-2020-02", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2020-02" }, { "reference_url": "http://www.securityfocus.com/bid/108023", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/108023" }, { "reference_url": "https://github.com/nodejs/security-wg/blob/main/vuln/npm/496.json", "reference_id": "496", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "https://github.com/nodejs/security-wg/blob/main/vuln/npm/496.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "reference_id": "CVE-2019-11358", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml", "reference_id": "CVE-2019-11358.YML", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml" }, { "reference_url": "https://github.com/advisories/GHSA-6c3j-c64m-qhgq", "reference_id": "GHSA-6c3j-c64m-qhgq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6c3j-c64m-qhgq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52630?format=api", "purl": "pkg:composer/drupal/core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2989-fmjz-nkby" }, { "vulnerability": "VCID-2fas-m6vh-myhc" }, { "vulnerability": "VCID-2t34-82p3-73c3" }, { "vulnerability": "VCID-31qy-vagp-83b6" }, { "vulnerability": "VCID-3xk4-qwaq-5yaj" }, { "vulnerability": "VCID-4dpp-gg2v-q3et" }, { "vulnerability": "VCID-56ze-2yw2-bfh8" }, { "vulnerability": "VCID-5c5c-m7ba-kqct" }, { "vulnerability": "VCID-7v89-2sss-hfaz" }, { "vulnerability": "VCID-9nk8-dban-g7h9" }, { "vulnerability": "VCID-a3s2-c4k2-4ufn" }, { "vulnerability": "VCID-a4u4-ga84-wyf9" }, { "vulnerability": "VCID-a7ss-tkb6-gkge" }, { "vulnerability": "VCID-ah3h-t9qa-gudr" }, { "vulnerability": "VCID-ard5-3cjv-1beu" }, { "vulnerability": "VCID-asm8-guag-b3ep" }, { "vulnerability": "VCID-avmn-kqky-83dd" }, { "vulnerability": "VCID-ay6b-1a7z-qkas" }, { "vulnerability": "VCID-bq2j-t19h-zyad" }, { "vulnerability": "VCID-dav9-pgdh-8yey" }, { "vulnerability": "VCID-dyhz-g3nv-yuc3" }, { "vulnerability": "VCID-e12q-qavs-qybu" }, { "vulnerability": "VCID-e8un-nbkk-cbf9" }, { "vulnerability": "VCID-egtv-y9w1-skgr" }, { "vulnerability": "VCID-jrhg-3271-tqdy" }, { "vulnerability": "VCID-kzrs-mrga-nyej" }, { "vulnerability": "VCID-mm13-6dhq-nqfb" }, { "vulnerability": "VCID-myja-t33q-q3cv" }, { "vulnerability": "VCID-nacy-y1qt-5yhb" }, { "vulnerability": "VCID-ng6g-hvc2-bkg4" }, { "vulnerability": "VCID-p54u-b18k-jyft" }, { "vulnerability": "VCID-pgnc-fq4m-3kaz" }, { "vulnerability": "VCID-pmmq-8s2m-h7dp" }, { "vulnerability": "VCID-pnme-dc73-efcb" }, { "vulnerability": "VCID-qsuc-53pg-zkda" }, { "vulnerability": "VCID-rd4g-h1j9-23cb" }, { "vulnerability": "VCID-rsc6-y1uv-6bfq" }, { "vulnerability": "VCID-t89y-c9hq-9bhk" }, { "vulnerability": "VCID-ta99-gcmk-2qc8" }, { "vulnerability": "VCID-tpzm-u3qp-akc8" }, { "vulnerability": "VCID-w4ks-ufnz-vfav" }, { "vulnerability": "VCID-wapd-e3mu-sffn" }, { "vulnerability": "VCID-wsv7-je8g-sqet" }, { "vulnerability": "VCID-wszp-2es5-z7fy" }, { "vulnerability": "VCID-x34m-u169-1bce" }, { "vulnerability": "VCID-y1nb-prqc-suaj" }, { "vulnerability": "VCID-yq4q-hydz-vuga" }, { "vulnerability": "VCID-yygb-pp11-5udj" }, { "vulnerability": "VCID-zqer-y4s4-hqhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/57855?format=api", "purl": "pkg:composer/drupal/core@8.5.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/57856?format=api", "purl": "pkg:composer/drupal/core@8.6.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.15" } ], "aliases": [ "CVE-2019-11358", "GHSA-6c3j-c64m-qhgq" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-84eq-cq89-9qhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43516?format=api", "vulnerability_id": "VCID-9nk8-dban-g7h9", "summary": "Drupal Core Remote Code Execution Vulnerability\nSome field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)", "references": [ { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6340", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6340" }, { "reference_url": "https://www.drupal.org/sa-core-2019-003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2019-003" }, { "reference_url": "https://www.exploit-db.com/exploits/46452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/46452" }, { "reference_url": "https://www.exploit-db.com/exploits/46459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/46459" }, { "reference_url": "https://www.exploit-db.com/exploits/46510", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/46510" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_09", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.synology.com/security/advisory/Synology_SA_19_09" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6340", "reference_id": "CVE-2019-6340", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6340" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6340.yaml", "reference_id": "CVE-2019-6340.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6340.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6340.yaml", "reference_id": "CVE-2019-6340.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6340.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3gx6-h57h-rm27", "reference_id": "GHSA-3gx6-h57h-rm27", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3gx6-h57h-rm27" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62442?format=api", "purl": "pkg:composer/drupal/core@7.62.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.62.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/62443?format=api", "purl": "pkg:composer/drupal/core@8.5.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/62441?format=api", "purl": "pkg:composer/drupal/core@8.6.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.10" } ], "aliases": [ "CVE-2019-6340", "GHSA-3gx6-h57h-rm27" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9nk8-dban-g7h9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48406?format=api", "vulnerability_id": "VCID-a3s2-c4k2-4ufn", "summary": "Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.", "references": [ { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2025-008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2025-008" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13083", "reference_id": "CVE-2025-13083", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13083" }, { "reference_url": "https://github.com/advisories/GHSA-mhpg-hpj5-73r2", "reference_id": "GHSA-mhpg-hpj5-73r2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mhpg-hpj5-73r2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71452?format=api", "purl": "pkg:composer/drupal/core@7.103.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.103.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/71441?format=api", "purl": "pkg:composer/drupal/core@10.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/71442?format=api", "purl": "pkg:composer/drupal/core@10.5.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/71443?format=api", "purl": "pkg:composer/drupal/core@11.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/71444?format=api", "purl": "pkg:composer/drupal/core@11.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8" } ], "aliases": [ "CVE-2025-13083", "GHSA-mhpg-hpj5-73r2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a3s2-c4k2-4ufn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4273?format=api", "vulnerability_id": "VCID-a4u4-ga84-wyf9", "summary": "arbitrary command execution", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7602", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7602" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/drupal/core" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7602", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7602" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4180", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4180" }, { "reference_url": "https://www.drupal.org/sa-core-2018-004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-004" }, { "reference_url": "https://www.exploit-db.com/exploits/44542", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/44542" }, { "reference_url": "https://www.exploit-db.com/exploits/44557", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/44557" }, { "reference_url": "https://security.archlinux.org/ASA-201804-10", "reference_id": "ASA-201804-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-10" }, { "reference_url": "https://security.archlinux.org/AVG-679", "reference_id": "AVG-679", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-679" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7602", "reference_id": "CVE-2018-7602", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7602" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7602.yaml", "reference_id": "CVE-2018-7602.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7602.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7602.yaml", "reference_id": "CVE-2018-7602.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7602.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-297x-j9pm-xjgg", "reference_id": "GHSA-297x-j9pm-xjgg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-297x-j9pm-xjgg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69862?format=api", "purl": "pkg:composer/drupal/core@7.59.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.59.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/69863?format=api", "purl": "pkg:composer/drupal/core@8.4.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/69864?format=api", "purl": "pkg:composer/drupal/core@8.5.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.3" } ], "aliases": [ "CVE-2018-7602", "GHSA-297x-j9pm-xjgg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a4u4-ga84-wyf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45048?format=api", "vulnerability_id": "VCID-a7ss-tkb6-gkge", "summary": "Improper access control\nIn some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the \"private\" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.", "references": [ { "reference_url": "https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf" }, { "reference_url": "https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116" }, { "reference_url": "https://www.drupal.org/sa-core-2022-012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2022-012" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25275", "reference_id": "CVE-2022-25275", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25275" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml", "reference_id": "CVE-2022-25275.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-xh3v-6f9j-wxw3", "reference_id": "GHSA-xh3v-6f9j-wxw3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xh3v-6f9j-wxw3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64975?format=api", "purl": "pkg:composer/drupal/core@9.3.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/64976?format=api", "purl": "pkg:composer/drupal/core@9.4.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3" } ], "aliases": [ "CVE-2022-25275", "GHSA-xh3v-6f9j-wxw3", "GMS-2022-3362" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a7ss-tkb6-gkge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45058?format=api", "vulnerability_id": "VCID-bge7-rqsx-gfee", "summary": "Access bypass in Drupal core\nThe file download facility does not sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2023-005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2023-005" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31250", "reference_id": "CVE-2023-31250", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31250" }, { "reference_url": "https://github.com/advisories/GHSA-8849-cv9f-vccm", "reference_id": "GHSA-8849-cv9f-vccm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8849-cv9f-vccm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64992?format=api", "purl": "pkg:composer/drupal/core@7.96.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.96.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/64993?format=api", "purl": "pkg:composer/drupal/core@9.4.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/64990?format=api", "purl": "pkg:composer/drupal/core@9.5.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/64991?format=api", "purl": "pkg:composer/drupal/core@10.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.8" } ], "aliases": [ "CVE-2023-31250", "GHSA-8849-cv9f-vccm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bge7-rqsx-gfee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40820?format=api", "vulnerability_id": "VCID-e12q-qavs-qybu", "summary": "Cross-site Scripting vulnerability in drupal.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2019-004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2019-004" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57614?format=api", "purl": "pkg:composer/drupal/core@8.6.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.12" } ], "aliases": [ "GMS-2019-147" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e12q-qavs-qybu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40839?format=api", "vulnerability_id": "VCID-e69p-v2ws-vufj", "summary": "Cross-site Scripting\nUnder certain circumstances the File `module/subsystem` allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2019-004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2019-004" }, { "reference_url": "https://www.drupal.org/SA-CORE-2019-004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2019-004" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6341", "reference_id": "CVE-2019-6341", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6341" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52630?format=api", "purl": "pkg:composer/drupal/core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2989-fmjz-nkby" }, { "vulnerability": "VCID-2fas-m6vh-myhc" }, { "vulnerability": "VCID-2t34-82p3-73c3" }, { "vulnerability": "VCID-31qy-vagp-83b6" }, { "vulnerability": "VCID-3xk4-qwaq-5yaj" }, { "vulnerability": "VCID-4dpp-gg2v-q3et" }, { "vulnerability": "VCID-56ze-2yw2-bfh8" }, { "vulnerability": "VCID-5c5c-m7ba-kqct" }, { "vulnerability": "VCID-7v89-2sss-hfaz" }, { "vulnerability": "VCID-9nk8-dban-g7h9" }, { "vulnerability": "VCID-a3s2-c4k2-4ufn" }, { "vulnerability": "VCID-a4u4-ga84-wyf9" }, { "vulnerability": "VCID-a7ss-tkb6-gkge" }, { "vulnerability": "VCID-ah3h-t9qa-gudr" }, { "vulnerability": "VCID-ard5-3cjv-1beu" }, { "vulnerability": "VCID-asm8-guag-b3ep" }, { "vulnerability": "VCID-avmn-kqky-83dd" }, { "vulnerability": "VCID-ay6b-1a7z-qkas" }, { "vulnerability": "VCID-bq2j-t19h-zyad" }, { "vulnerability": "VCID-dav9-pgdh-8yey" }, { "vulnerability": "VCID-dyhz-g3nv-yuc3" }, { "vulnerability": "VCID-e12q-qavs-qybu" }, { "vulnerability": "VCID-e8un-nbkk-cbf9" }, { "vulnerability": "VCID-egtv-y9w1-skgr" }, { "vulnerability": "VCID-jrhg-3271-tqdy" }, { "vulnerability": "VCID-kzrs-mrga-nyej" }, { "vulnerability": "VCID-mm13-6dhq-nqfb" }, { "vulnerability": "VCID-myja-t33q-q3cv" }, { "vulnerability": "VCID-nacy-y1qt-5yhb" }, { "vulnerability": "VCID-ng6g-hvc2-bkg4" }, { "vulnerability": "VCID-p54u-b18k-jyft" }, { "vulnerability": "VCID-pgnc-fq4m-3kaz" }, { "vulnerability": "VCID-pmmq-8s2m-h7dp" }, { "vulnerability": "VCID-pnme-dc73-efcb" }, { "vulnerability": "VCID-qsuc-53pg-zkda" }, { "vulnerability": "VCID-rd4g-h1j9-23cb" }, { "vulnerability": "VCID-rsc6-y1uv-6bfq" }, { "vulnerability": "VCID-t89y-c9hq-9bhk" }, { "vulnerability": "VCID-ta99-gcmk-2qc8" }, { "vulnerability": "VCID-tpzm-u3qp-akc8" }, { "vulnerability": "VCID-w4ks-ufnz-vfav" }, { "vulnerability": "VCID-wapd-e3mu-sffn" }, { "vulnerability": "VCID-wsv7-je8g-sqet" }, { "vulnerability": "VCID-wszp-2es5-z7fy" }, { "vulnerability": "VCID-x34m-u169-1bce" }, { "vulnerability": "VCID-y1nb-prqc-suaj" }, { "vulnerability": "VCID-yq4q-hydz-vuga" }, { "vulnerability": "VCID-yygb-pp11-5udj" }, { "vulnerability": "VCID-zqer-y4s4-hqhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/57654?format=api", "purl": "pkg:composer/drupal/core@8.5.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/57655?format=api", "purl": "pkg:composer/drupal/core@8.6.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.13" } ], "aliases": [ "CVE-2019-6341" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e69p-v2ws-vufj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40619?format=api", "vulnerability_id": "VCID-e8un-nbkk-cbf9", "summary": "Deserialization of Untrusted Data\nDrupal core uses the third-party PEAR `Archive_Tar` library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2019-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2019-001" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57349?format=api", "purl": "pkg:composer/drupal/core@8.6.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.6" } ], "aliases": [ "CVE-2019-6338" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8un-nbkk-cbf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38261?format=api", "vulnerability_id": "VCID-ey9c-4yhy-3qa5", "summary": "URL Redirection to Untrusted Site (Open Redirect)\nConfirmation forms in Drupal make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.", "references": [ { "reference_url": "https://www.drupal.org/SA-CORE-2016-005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2016-005" }, { "reference_url": "http://www.securityfocus.com/bid/94367", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94367" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9451", "reference_id": "CVE-2016-9451", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9451" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52630?format=api", "purl": "pkg:composer/drupal/core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2989-fmjz-nkby" }, { "vulnerability": "VCID-2fas-m6vh-myhc" }, { "vulnerability": "VCID-2t34-82p3-73c3" }, { "vulnerability": "VCID-31qy-vagp-83b6" }, { "vulnerability": "VCID-3xk4-qwaq-5yaj" }, { "vulnerability": "VCID-4dpp-gg2v-q3et" }, { "vulnerability": "VCID-56ze-2yw2-bfh8" }, { "vulnerability": "VCID-5c5c-m7ba-kqct" }, { "vulnerability": "VCID-7v89-2sss-hfaz" }, { "vulnerability": "VCID-9nk8-dban-g7h9" }, { "vulnerability": "VCID-a3s2-c4k2-4ufn" }, { "vulnerability": "VCID-a4u4-ga84-wyf9" }, { "vulnerability": "VCID-a7ss-tkb6-gkge" }, { "vulnerability": "VCID-ah3h-t9qa-gudr" }, { "vulnerability": "VCID-ard5-3cjv-1beu" }, { "vulnerability": "VCID-asm8-guag-b3ep" }, { "vulnerability": "VCID-avmn-kqky-83dd" }, { "vulnerability": "VCID-ay6b-1a7z-qkas" }, { "vulnerability": "VCID-bq2j-t19h-zyad" }, { "vulnerability": "VCID-dav9-pgdh-8yey" }, { "vulnerability": "VCID-dyhz-g3nv-yuc3" }, { "vulnerability": "VCID-e12q-qavs-qybu" }, { "vulnerability": "VCID-e8un-nbkk-cbf9" }, { "vulnerability": "VCID-egtv-y9w1-skgr" }, { "vulnerability": "VCID-jrhg-3271-tqdy" }, { "vulnerability": "VCID-kzrs-mrga-nyej" }, { "vulnerability": "VCID-mm13-6dhq-nqfb" }, { "vulnerability": "VCID-myja-t33q-q3cv" }, { "vulnerability": "VCID-nacy-y1qt-5yhb" }, { "vulnerability": "VCID-ng6g-hvc2-bkg4" }, { "vulnerability": "VCID-p54u-b18k-jyft" }, { "vulnerability": "VCID-pgnc-fq4m-3kaz" }, { "vulnerability": "VCID-pmmq-8s2m-h7dp" }, { "vulnerability": "VCID-pnme-dc73-efcb" }, { "vulnerability": "VCID-qsuc-53pg-zkda" }, { "vulnerability": "VCID-rd4g-h1j9-23cb" }, { "vulnerability": "VCID-rsc6-y1uv-6bfq" }, { "vulnerability": "VCID-t89y-c9hq-9bhk" }, { "vulnerability": "VCID-ta99-gcmk-2qc8" }, { "vulnerability": "VCID-tpzm-u3qp-akc8" }, { "vulnerability": "VCID-w4ks-ufnz-vfav" }, { "vulnerability": "VCID-wapd-e3mu-sffn" }, { "vulnerability": "VCID-wsv7-je8g-sqet" }, { "vulnerability": "VCID-wszp-2es5-z7fy" }, { "vulnerability": "VCID-x34m-u169-1bce" }, { "vulnerability": "VCID-y1nb-prqc-suaj" }, { "vulnerability": "VCID-yq4q-hydz-vuga" }, { "vulnerability": "VCID-yygb-pp11-5udj" }, { "vulnerability": "VCID-zqer-y4s4-hqhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0" } ], "aliases": [ "CVE-2016-9451" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ey9c-4yhy-3qa5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38070?format=api", "vulnerability_id": "VCID-mscp-wvvx-zfh3", "summary": "Saving user accounts can sometimes grant the user all roles\nThe User module in Drupal allows remote attackers to gain privileges by leveraging contributed or custom code that calls the `user_save` function with an explicit category and loads all roles into the array.", "references": [ { "reference_url": "https://www.drupal.org/SA-CORE-2016-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2016-001" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3169", "reference_id": "CVE-2016-3169", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3169" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52630?format=api", "purl": "pkg:composer/drupal/core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2989-fmjz-nkby" }, { "vulnerability": "VCID-2fas-m6vh-myhc" }, { "vulnerability": "VCID-2t34-82p3-73c3" }, { "vulnerability": "VCID-31qy-vagp-83b6" }, { "vulnerability": "VCID-3xk4-qwaq-5yaj" }, { "vulnerability": "VCID-4dpp-gg2v-q3et" }, { "vulnerability": "VCID-56ze-2yw2-bfh8" }, { "vulnerability": "VCID-5c5c-m7ba-kqct" }, { "vulnerability": "VCID-7v89-2sss-hfaz" }, { "vulnerability": "VCID-9nk8-dban-g7h9" }, { "vulnerability": "VCID-a3s2-c4k2-4ufn" }, { "vulnerability": "VCID-a4u4-ga84-wyf9" }, { "vulnerability": "VCID-a7ss-tkb6-gkge" }, { "vulnerability": "VCID-ah3h-t9qa-gudr" }, { "vulnerability": "VCID-ard5-3cjv-1beu" }, { "vulnerability": "VCID-asm8-guag-b3ep" }, { "vulnerability": "VCID-avmn-kqky-83dd" }, { "vulnerability": "VCID-ay6b-1a7z-qkas" }, { "vulnerability": "VCID-bq2j-t19h-zyad" }, { "vulnerability": "VCID-dav9-pgdh-8yey" }, { "vulnerability": "VCID-dyhz-g3nv-yuc3" }, { "vulnerability": "VCID-e12q-qavs-qybu" }, { "vulnerability": "VCID-e8un-nbkk-cbf9" }, { "vulnerability": "VCID-egtv-y9w1-skgr" }, { "vulnerability": "VCID-jrhg-3271-tqdy" }, { "vulnerability": "VCID-kzrs-mrga-nyej" }, { "vulnerability": "VCID-mm13-6dhq-nqfb" }, { "vulnerability": "VCID-myja-t33q-q3cv" }, { "vulnerability": "VCID-nacy-y1qt-5yhb" }, { "vulnerability": "VCID-ng6g-hvc2-bkg4" }, { "vulnerability": "VCID-p54u-b18k-jyft" }, { "vulnerability": "VCID-pgnc-fq4m-3kaz" }, { "vulnerability": "VCID-pmmq-8s2m-h7dp" }, { "vulnerability": "VCID-pnme-dc73-efcb" }, { "vulnerability": "VCID-qsuc-53pg-zkda" }, { "vulnerability": "VCID-rd4g-h1j9-23cb" }, { "vulnerability": "VCID-rsc6-y1uv-6bfq" }, { "vulnerability": "VCID-t89y-c9hq-9bhk" }, { "vulnerability": "VCID-ta99-gcmk-2qc8" }, { "vulnerability": "VCID-tpzm-u3qp-akc8" }, { "vulnerability": "VCID-w4ks-ufnz-vfav" }, { "vulnerability": "VCID-wapd-e3mu-sffn" }, { "vulnerability": "VCID-wsv7-je8g-sqet" }, { "vulnerability": "VCID-wszp-2es5-z7fy" }, { "vulnerability": "VCID-x34m-u169-1bce" }, { "vulnerability": "VCID-y1nb-prqc-suaj" }, { "vulnerability": "VCID-yq4q-hydz-vuga" }, { "vulnerability": "VCID-yygb-pp11-5udj" }, { "vulnerability": "VCID-zqer-y4s4-hqhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0" } ], "aliases": [ "CVE-2016-3169" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mscp-wvvx-zfh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38084?format=api", "vulnerability_id": "VCID-n5n3-p5yy-13d9", "summary": "Open redirect via path manipulation\nDrupal might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on an error page, related to path manipulation.", "references": [ { "reference_url": "https://www.drupal.org/SA-CORE-2016-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2016-001" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3164", "reference_id": "CVE-2016-3164", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3164" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52631?format=api", "purl": "pkg:composer/drupal/core@8.0.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.4" } ], "aliases": [ "CVE-2016-3164" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n5n3-p5yy-13d9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4307?format=api", "vulnerability_id": "VCID-pmmq-8s2m-h7dp", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600", "reference_id": "", "reference_type": "", "scores": [], "url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600" }, { "reference_url": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/drupal/core" }, { "reference_url": "https://greysec.net/showthread.php?tid=2912&pid=10561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://greysec.net/showthread.php?tid=2912&pid=10561" }, { "reference_url": "https://groups.drupal.org/security/faq-2018-002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.drupal.org/security/faq-2018-002" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html" }, { "reference_url": "https://research.checkpoint.com/uncovering-drupalgeddon-2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://research.checkpoint.com/uncovering-drupalgeddon-2" }, { "reference_url": "https://twitter.com/arancaytar/status/979090719003627521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://twitter.com/arancaytar/status/979090719003627521" }, { "reference_url": "https://twitter.com/RicterZ/status/979567469726613504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://twitter.com/RicterZ/status/979567469726613504" }, { "reference_url": "https://twitter.com/RicterZ/status/984495201354854401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://twitter.com/RicterZ/status/984495201354854401" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4156" }, { "reference_url": "https://www.drupal.org/sa-core-2018-002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-002" }, { "reference_url": "https://www.exploit-db.com/exploits/44448", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/44448" }, { "reference_url": "https://www.exploit-db.com/exploits/44449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/44449" }, { "reference_url": "https://www.exploit-db.com/exploits/44482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/44482" }, { "reference_url": "https://www.synology.com/support/security/Synology_SA_18_17", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.synology.com/support/security/Synology_SA_18_17" }, { "reference_url": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know" }, { "reference_url": "https://security.archlinux.org/ASA-201804-1", "reference_id": "ASA-201804-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-1" }, { "reference_url": "https://security.archlinux.org/AVG-665", "reference_id": "AVG-665", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-665" }, { "reference_url": "https://github.com/a2u/CVE-2018-7600", "reference_id": "CVE-2018-7600", "reference_type": "", "scores": [], "url": "https://github.com/a2u/CVE-2018-7600" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7600", "reference_id": "CVE-2018-7600", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7600" }, { "reference_url": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE", "reference_id": "CVE-2018-7600-DRUPAL-RCE", "reference_type": "", "scores": [], "url": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7600.yaml", "reference_id": "CVE-2018-7600.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7600.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7600.yaml", "reference_id": "CVE-2018-7600.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7600.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-7fh9-933g-885p", "reference_id": "GHSA-7fh9-933g-885p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7fh9-933g-885p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63075?format=api", "purl": "pkg:composer/drupal/core@7.58.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.58.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/63076?format=api", "purl": "pkg:composer/drupal/core@8.3.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/63077?format=api", "purl": "pkg:composer/drupal/core@8.4.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/63078?format=api", "purl": "pkg:composer/drupal/core@8.5.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.1" } ], "aliases": [ "CVE-2018-7600", "GHSA-7fh9-933g-885p" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pmmq-8s2m-h7dp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40375?format=api", "vulnerability_id": "VCID-qsuc-53pg-zkda", "summary": "Code Injection\nInjection in `DefaultMailSystem::mail()`.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56782?format=api", "purl": "pkg:composer/drupal/core@8.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2" } ], "aliases": [ "GMS-2018-55" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qsuc-53pg-zkda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3853?format=api", "vulnerability_id": "VCID-tpzm-u3qp-akc8", "summary": "multiple issues", "references": [ { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2021-002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2021-002" }, { "reference_url": "https://security.archlinux.org/AVG-1463", "reference_id": "AVG-1463", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1463" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13672", "reference_id": "CVE-2020-13672", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13672" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml", "reference_id": "CVE-2020-13672.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml", "reference_id": "CVE-2020-13672.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3m36-mjwj-352c", "reference_id": "GHSA-3m36-mjwj-352c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3m36-mjwj-352c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60654?format=api", "purl": "pkg:composer/drupal/core@7.80.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.80.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/60655?format=api", "purl": "pkg:composer/drupal/core@8.9.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/60656?format=api", "purl": "pkg:composer/drupal/core@9.0.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/60657?format=api", "purl": "pkg:composer/drupal/core@9.1.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.7" } ], "aliases": [ "CVE-2020-13672", "GHSA-3m36-mjwj-352c" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tpzm-u3qp-akc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41563?format=api", "vulnerability_id": "VCID-wsv7-je8g-sqet", "summary": "Drupal core Unrestricted Upload of File with Dangerous Type\nDrupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.", "references": [ { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/drupal/core" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671" }, { "reference_url": "https://www.drupal.org/sa-core-2020-012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2020-012" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13671", "reference_id": "CVE-2020-13671", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13671" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml", "reference_id": "CVE-2020-13671.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml", "reference_id": "CVE-2020-13671.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-68jc-v27h-vhmw", "reference_id": "GHSA-68jc-v27h-vhmw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-68jc-v27h-vhmw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59270?format=api", "purl": "pkg:composer/drupal/core@7.74.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.74.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/59269?format=api", "purl": "pkg:composer/drupal/core@8.8.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/59268?format=api", "purl": "pkg:composer/drupal/core@8.9.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/59267?format=api", "purl": "pkg:composer/drupal/core@9.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.8" } ], "aliases": [ "CVE-2020-13671", "GHSA-68jc-v27h-vhmw" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wsv7-je8g-sqet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40969?format=api", "vulnerability_id": "VCID-wszp-2es5-z7fy", "summary": "Moderately critical - Third-party libraries - SA-CORE-2019-007\nThe `PharStreamWrapper` (aka `phar-stream-wrapper`) package does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a `phar:///path/bad.phar/../good.phar` URL.", "references": [ { "reference_url": "https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1" }, { "reference_url": "https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/" }, { "reference_url": "https://seclists.org/bugtraq/2019/May/36", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/May/36" }, { "reference_url": "https://typo3.org/security/advisory/typo3-psa-2019-007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-psa-2019-007/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4445", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4445" }, { "reference_url": "https://www.drupal.org/sa-core-2019-007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2019-007" }, { "reference_url": "https://www.drupal.org/SA-CORE-2019-007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2019-007" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_22", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.synology.com/security/advisory/Synology_SA_19_22" }, { "reference_url": "http://www.securityfocus.com/bid/108302", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/108302" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11831", "reference_id": "CVE-2019-11831", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11831" }, { "reference_url": "https://github.com/advisories/GHSA-xv7v-rf6g-xwrc", "reference_id": "GHSA-xv7v-rf6g-xwrc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xv7v-rf6g-xwrc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57979?format=api", "purl": "pkg:composer/drupal/core@8.6.16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/57980?format=api", "purl": "pkg:composer/drupal/core@8.7.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.1" } ], "aliases": [ "CVE-2019-11831", "GHSA-xv7v-rf6g-xwrc" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wszp-2es5-z7fy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40621?format=api", "vulnerability_id": "VCID-x34m-u169-1bce", "summary": "Improper Input Validation\nA remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted `phar://` URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2019-002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2019-002" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57349?format=api", "purl": "pkg:composer/drupal/core@8.6.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.6" } ], "aliases": [ "CVE-2019-6339" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x34m-u169-1bce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40351?format=api", "vulnerability_id": "VCID-yygb-pp11-5udj", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nExternal URL injection through URL aliases in drupal.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56782?format=api", "purl": "pkg:composer/drupal/core@8.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2" } ], "aliases": [ "GMS-2018-53" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yygb-pp11-5udj" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.0.0" }