Lookup for vulnerable packages by Package URL.
| Purl | pkg:composer/drupal/drupal@8.6.6 |
|---|
| Type | composer |
|---|
| Namespace | drupal |
|---|
| Name | drupal |
|---|
| Version | 8.6.6 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | false |
|---|
| Next_non_vulnerable_version | 8.6.10 |
|---|
| Latest_non_vulnerable_version | 10.0.8 |
|---|
| Affected_by_vulnerabilities |
|
|---|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-e8un-nbkk-cbf9 |
| vulnerability_id |
VCID-e8un-nbkk-cbf9 |
| summary |
Deserialization of Untrusted Data
Drupal core uses the third-party PEAR `Archive_Tar` library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2019-6338
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e8un-nbkk-cbf9 |
|
| 1 |
| url |
VCID-x34m-u169-1bce |
| vulnerability_id |
VCID-x34m-u169-1bce |
| summary |
Improper Input Validation
A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted `phar://` URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2019-6339
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x34m-u169-1bce |
|
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.6 |
|---|