Package Instance

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-28948

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1904001
reference_id	1904001
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1904001

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108
reference_id	976108
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108

reference_url

reference_id

CVE-2020-28948

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-28948

reference_url	https://access.redhat.com/errata/RHSA-2022:6541
reference_id	RHSA-2022:6541
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6541

reference_url	https://access.redhat.com/errata/RHSA-2022:6542
reference_id	RHSA-2022:6542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6542

reference_url	https://access.redhat.com/errata/RHSA-2022:7340
reference_id	RHSA-2022:7340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7340

reference_url	https://usn.ubuntu.com/4654-1/
reference_id	USN-4654-1
reference_type
scores
url	https://usn.ubuntu.com/4654-1/

reference_url	https://usn.ubuntu.com/6981-1/
reference_id	USN-6981-1
reference_type
scores
url	https://usn.ubuntu.com/6981-1/

reference_url	https://usn.ubuntu.com/6981-2/
reference_id	USN-6981-2
reference_type
scores
url	https://usn.ubuntu.com/6981-2/

fixed_packages

url pkg:composer/drupal/core@8.9.10

purl pkg:composer/drupal/core@8.9.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-67da-qxh5-aydx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.10

url	pkg:composer/drupal/core@9.0.0-alpha1
purl	pkg:composer/drupal/core@9.0.0-alpha1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.0-alpha1

url pkg:composer/drupal/core@9.0.9

purl pkg:composer/drupal/core@9.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-67da-qxh5-aydx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.9

url	pkg:composer/drupal/core@9.1.0-alpha1
purl	pkg:composer/drupal/core@9.1.0-alpha1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.0-alpha1

aliases CVE-2020-28948, GHSA-jh5x-hfhg-78jq

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5jy9-mhbb-nuh7

url VCID-9dfs-rpqy-6kfa

vulnerability_id VCID-9dfs-rpqy-6kfa

summary

Injection Vulnerability
archive_tar has `://` filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as `file://` to overwrite files) can still succeed.

references

reference_url

http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28949.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28949.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-28949

reference_id

reference_type

scores

value	0.93364
scoring_system	epss
scoring_elements	0.99822
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-28949

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-28949

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-28949

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1910323
reference_id	1910323
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1910323

reference_url

reference_id

42GPGVVFTLJYAKRI75IVB5R45NYQGEUR

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/

reference_id

4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/

reference_id

5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108
reference_id	976108
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-28949

reference_id

CVE-2020-28949

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-28949

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/pear/archive_tar/CVE-2020-28949.yaml

reference_id

CVE-2020-28949.YAML

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/pear/archive_tar/CVE-2020-28949.yaml

reference_url	https://github.com/advisories/GHSA-75c5-f4gw-38r9
reference_id	GHSA-75c5-f4gw-38r9
reference_type
scores
url	https://github.com/advisories/GHSA-75c5-f4gw-38r9

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/

reference_id

KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/

reference_id

NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/

reference_url	https://access.redhat.com/errata/RHSA-2022:6541
reference_id	RHSA-2022:6541
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6541

reference_url	https://access.redhat.com/errata/RHSA-2022:6542
reference_id	RHSA-2022:6542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6542

reference_url	https://access.redhat.com/errata/RHSA-2022:7340
reference_id	RHSA-2022:7340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7340

reference_url	https://usn.ubuntu.com/4654-1/
reference_id	USN-4654-1
reference_type
scores
url	https://usn.ubuntu.com/4654-1/

reference_url	https://usn.ubuntu.com/6981-1/
reference_id	USN-6981-1
reference_type
scores
url	https://usn.ubuntu.com/6981-1/

reference_url	https://usn.ubuntu.com/6981-2/
reference_id	USN-6981-2
reference_type
scores
url	https://usn.ubuntu.com/6981-2/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/

reference_id

VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/

fixed_packages

url	pkg:composer/drupal/core@8.8.12
purl	pkg:composer/drupal/core@8.8.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.12

url pkg:composer/drupal/core@8.9.0-beta1

purl pkg:composer/drupal/core@8.9.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5jy9-mhbb-nuh7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.0-beta1

url pkg:composer/drupal/core@8.9.10

purl pkg:composer/drupal/core@8.9.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-67da-qxh5-aydx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.10

url	pkg:composer/drupal/core@9.0.0-alpha1
purl	pkg:composer/drupal/core@9.0.0-alpha1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.0-alpha1

url pkg:composer/drupal/core@9.0.9

purl pkg:composer/drupal/core@9.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-67da-qxh5-aydx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.9

url	pkg:composer/drupal/core@9.1.0-alpha1
purl	pkg:composer/drupal/core@9.1.0-alpha1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.0-alpha1

aliases CVE-2020-28949, GHSA-75c5-f4gw-38r9

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9dfs-rpqy-6kfa

url VCID-sg4r-hncm-dqcq

vulnerability_id VCID-sg4r-hncm-dqcq

summary

Cross-site Scripting
A cross-site scripting vulnerability exists in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13666

reference_id

reference_type

scores

value	0.00509
scoring_system	epss
scoring_elements	0.66703
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13666

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13666.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13666.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13666.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13666.yaml

reference_url

https://www.drupal.org/sa-core-2020-007

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2020-007

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13666

reference_id

CVE-2020-13666

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13666

reference_url

https://github.com/advisories/GHSA-8jj2-x2gc-ggm7

reference_id

GHSA-8jj2-x2gc-ggm7

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8jj2-x2gc-ggm7

fixed_packages

url pkg:composer/drupal/core@8.8.10

purl pkg:composer/drupal/core@8.8.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5jy9-mhbb-nuh7

vulnerability	VCID-9dfs-rpqy-6kfa

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10

url pkg:composer/drupal/core@8.9.6

purl pkg:composer/drupal/core@8.9.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5jy9-mhbb-nuh7

vulnerability	VCID-67da-qxh5-aydx

vulnerability	VCID-9dfs-rpqy-6kfa

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6

url pkg:composer/drupal/core@9.0.6

purl pkg:composer/drupal/core@9.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5jy9-mhbb-nuh7

vulnerability	VCID-67da-qxh5-aydx

vulnerability	VCID-9dfs-rpqy-6kfa

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6

aliases CVE-2020-13666, GHSA-8jj2-x2gc-ggm7

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sg4r-hncm-dqcq

Fixing_vulnerabilities

url VCID-phwu-rdm2-ufhr

vulnerability_id VCID-phwu-rdm2-ufhr

summary

Command Injection
Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13664

reference_id

reference_type

scores

value	0.01962
scoring_system	epss
scoring_elements	0.83838
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13664

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13664.yaml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13664.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13664.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13664.yaml

reference_url

https://www.drupal.org/sa-core-2020-005

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2020-005

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13664

reference_id

CVE-2020-13664

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13664

reference_url

https://github.com/advisories/GHSA-x72f-ggjw-v5xh

reference_id

GHSA-x72f-ggjw-v5xh

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x72f-ggjw-v5xh

fixed_packages

url pkg:composer/drupal/core@8.8.8

purl pkg:composer/drupal/core@8.8.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5jy9-mhbb-nuh7

vulnerability	VCID-9dfs-rpqy-6kfa

vulnerability	VCID-sg4r-hncm-dqcq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.8

url pkg:composer/drupal/core@8.9.1

purl pkg:composer/drupal/core@8.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5jy9-mhbb-nuh7

vulnerability	VCID-67da-qxh5-aydx

vulnerability	VCID-9dfs-rpqy-6kfa

vulnerability	VCID-sg4r-hncm-dqcq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.1

url pkg:composer/drupal/core@9.0.1

purl pkg:composer/drupal/core@9.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5jy9-mhbb-nuh7

vulnerability	VCID-67da-qxh5-aydx

vulnerability	VCID-9dfs-rpqy-6kfa

vulnerability	VCID-sg4r-hncm-dqcq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.1

aliases CVE-2020-13664, GHSA-x72f-ggjw-v5xh

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-phwu-rdm2-ufhr

url VCID-vz31-7246-aken

vulnerability_id VCID-vz31-7246-aken

summary

Cross-Site Request Forgery (CSRF)
Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13663

reference_id

reference_type

scores

value	0.00155
scoring_system	epss
scoring_elements	0.35954
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13663

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/5f3c4d80fd77df0cfa87722b446db54040d55693

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/5f3c4d80fd77df0cfa87722b446db54040d55693

reference_url

https://github.com/drupal/core/commit/bc3235dcb5570bbda62ef9547e7604ee060b72c6

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/bc3235dcb5570bbda62ef9547e7604ee060b72c6

reference_url

https://github.com/drupal/core/commit/faf3243c4ce03bbaab386af2b272b363fd0dfddb

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/faf3243c4ce03bbaab386af2b272b363fd0dfddb

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13663.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13663.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13663.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13663.yaml

reference_url

https://www.drupal.org/sa-core-2020-004

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2020-004

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13663

reference_id

CVE-2020-13663

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13663

reference_url

https://github.com/advisories/GHSA-m648-hpf8-qcjw

reference_id

GHSA-m648-hpf8-qcjw

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m648-hpf8-qcjw

fixed_packages

url	pkg:composer/drupal/core@7.72.0
purl	pkg:composer/drupal/core@7.72.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.72.0

url pkg:composer/drupal/core@8.0.0

purl pkg:composer/drupal/core@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2989-fmjz-nkby

vulnerability	VCID-2c5f-q858-huaw

vulnerability	VCID-2fas-m6vh-myhc

vulnerability	VCID-2g67-a42m-qfbh

vulnerability	VCID-2t34-82p3-73c3

vulnerability	VCID-31qy-vagp-83b6

vulnerability	VCID-3pj1-y73r-vyhh

vulnerability	VCID-3xk4-qwaq-5yaj

vulnerability	VCID-4dpp-gg2v-q3et

vulnerability	VCID-4p4c-7rdc-37fa

vulnerability	VCID-4pg6-hqge-wkcb

vulnerability	VCID-4q59-j6u4-qfhk

vulnerability	VCID-56ze-2yw2-bfh8

vulnerability	VCID-5c5c-m7ba-kqct

vulnerability	VCID-5jy9-mhbb-nuh7

vulnerability	VCID-67w7-gq9f-ukf1

vulnerability	VCID-6c6t-kmb3-2qcm

vulnerability	VCID-6s93-1cpz-yyg8

vulnerability	VCID-7bq1-m8df-k3ba

vulnerability	VCID-7ear-x9pf-yubc

vulnerability	VCID-7n7v-41m4-97gk

vulnerability	VCID-7v89-2sss-hfaz

vulnerability	VCID-8qd6-8ckc-h3g5

vulnerability	VCID-9nk8-dban-g7h9

vulnerability	VCID-a3s2-c4k2-4ufn

vulnerability	VCID-a4u4-ga84-wyf9

vulnerability	VCID-a7ss-tkb6-gkge

vulnerability	VCID-ah3h-t9qa-gudr

vulnerability	VCID-ard5-3cjv-1beu

vulnerability	VCID-asm8-guag-b3ep

vulnerability	VCID-avmn-kqky-83dd

vulnerability	VCID-ay6b-1a7z-qkas

vulnerability	VCID-b8fw-ya7y-h7d8

vulnerability	VCID-bq2j-t19h-zyad

vulnerability	VCID-ckvk-xm4a-2qey

vulnerability	VCID-dav9-pgdh-8yey

vulnerability	VCID-deks-ns51-nbdg

vulnerability	VCID-dhwb-tvs2-vkht

vulnerability	VCID-dyhz-g3nv-yuc3

vulnerability	VCID-e12q-qavs-qybu

vulnerability	VCID-e8un-nbkk-cbf9

vulnerability	VCID-edfu-7ege-hkf5

vulnerability	VCID-egtv-y9w1-skgr

vulnerability	VCID-es39-uyu2-myap

vulnerability	VCID-hay8-hvsq-33bm

vulnerability	VCID-hkch-a5yn-jyg1

vulnerability	VCID-j7bj-atys-qfg3

vulnerability	VCID-jb63-xjup-1khv

vulnerability	VCID-jrhg-3271-tqdy

vulnerability	VCID-ks17-b29e-73au

vulnerability	VCID-kzrs-mrga-nyej

vulnerability	VCID-mm13-6dhq-nqfb

vulnerability	VCID-myja-t33q-q3cv

vulnerability	VCID-n5n3-p5yy-13d9

vulnerability	VCID-nacy-y1qt-5yhb

vulnerability	VCID-ng6g-hvc2-bkg4

vulnerability	VCID-nwdx-mgsc-s3f3

vulnerability	VCID-p54u-b18k-jyft

vulnerability	VCID-pgnc-fq4m-3kaz

vulnerability	VCID-pmmq-8s2m-h7dp

vulnerability	VCID-pnme-dc73-efcb

vulnerability	VCID-pzp5-2bpz-jfe2

vulnerability	VCID-q6zh-decq-bkau

vulnerability	VCID-qj1a-e46b-b7fs

vulnerability	VCID-qsuc-53pg-zkda

vulnerability	VCID-rd4g-h1j9-23cb

vulnerability	VCID-rsc6-y1uv-6bfq

vulnerability	VCID-t5ya-jzjf-ckh6

vulnerability	VCID-t89y-c9hq-9bhk

vulnerability	VCID-ta99-gcmk-2qc8

vulnerability	VCID-tbhc-6qre-7kc5

vulnerability	VCID-tbk2-zprq-27c8

vulnerability	VCID-tpzm-u3qp-akc8

vulnerability	VCID-ughj-q27r-yfe2

vulnerability	VCID-uq9s-79g7-rqh6

vulnerability	VCID-uvmv-j9kx-jfeq

vulnerability	VCID-vz31-7246-aken

vulnerability	VCID-w4ks-ufnz-vfav

vulnerability	VCID-wapd-e3mu-sffn

vulnerability	VCID-wgac-uvfw-8ufm

vulnerability	VCID-wsv7-je8g-sqet

vulnerability	VCID-wszp-2es5-z7fy

vulnerability	VCID-x34m-u169-1bce

vulnerability	VCID-x36p-1a6e-rqad

vulnerability	VCID-y1nb-prqc-suaj

vulnerability	VCID-y5mz-1wsc-w3g7

vulnerability	VCID-ydy1-x277-1fhj

vulnerability	VCID-yq4q-hydz-vuga

vulnerability	VCID-yygb-pp11-5udj

vulnerability	VCID-z2xs-z24v-c3e5

vulnerability	VCID-zpeb-7dhc-9kcx

vulnerability	VCID-zqer-y4s4-hqhy

vulnerability	VCID-zvtm-9bd5-ufgy

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0

url pkg:composer/drupal/core@8.8.8

purl pkg:composer/drupal/core@8.8.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5jy9-mhbb-nuh7

vulnerability	VCID-9dfs-rpqy-6kfa

vulnerability	VCID-sg4r-hncm-dqcq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.8

url pkg:composer/drupal/core@8.9.1

purl pkg:composer/drupal/core@8.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5jy9-mhbb-nuh7

vulnerability	VCID-67da-qxh5-aydx

vulnerability	VCID-9dfs-rpqy-6kfa

vulnerability	VCID-sg4r-hncm-dqcq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.1

url pkg:composer/drupal/core@9.0.1

purl pkg:composer/drupal/core@9.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5jy9-mhbb-nuh7

vulnerability	VCID-67da-qxh5-aydx

vulnerability	VCID-9dfs-rpqy-6kfa

vulnerability	VCID-sg4r-hncm-dqcq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.1

aliases CVE-2020-13663, GHSA-m648-hpf8-qcjw

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vz31-7246-aken

url VCID-x783-ggg8-auck

vulnerability_id VCID-x783-ggg8-auck

summary

Incorrect Authorization
Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13665

reference_id

reference_type

scores

value	0.00581
scoring_system	epss
scoring_elements	0.69303
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13665

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url