Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/16038?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16038?format=api", "vulnerability_id": "VCID-pyjy-13mt-cyck", "summary": "Drupal Core Remote Code Execution Vulnerability\nSome field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)", "aliases": [ { "alias": "CVE-2019-6340" }, { "alias": "GHSA-3gx6-h57h-rm27" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61327?format=api", "purl": "pkg:composer/drupal/core@8.5.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-163u-tpj9-skc5" }, { "vulnerability": "VCID-5txj-xsnq-ducf" }, { "vulnerability": "VCID-795n-caf2-fbcq" }, { "vulnerability": "VCID-7qhc-n6hc-ukbu" }, { "vulnerability": "VCID-h6c2-e5qv-myg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/61325?format=api", "purl": "pkg:composer/drupal/core@8.6.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-163u-tpj9-skc5" }, { "vulnerability": "VCID-5txj-xsnq-ducf" }, { "vulnerability": "VCID-795n-caf2-fbcq" }, { "vulnerability": "VCID-7qhc-n6hc-ukbu" }, { "vulnerability": "VCID-h6c2-e5qv-myg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/61649?format=api", "purl": "pkg:composer/drupal/drupal@8.5.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5txj-xsnq-ducf" }, { "vulnerability": "VCID-7qhc-n6hc-ukbu" }, { "vulnerability": "VCID-h6c2-e5qv-myg8" }, { "vulnerability": "VCID-zd4q-kddb-t3ha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/61650?format=api", "purl": "pkg:composer/drupal/drupal@8.6.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5txj-xsnq-ducf" }, { "vulnerability": "VCID-7qhc-n6hc-ukbu" }, { "vulnerability": "VCID-h6c2-e5qv-myg8" }, { "vulnerability": "VCID-zd4q-kddb-t3ha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.10" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51564?format=api", "purl": "pkg:composer/drupal/core@7.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-163u-tpj9-skc5" }, { "vulnerability": "VCID-1xsh-7f63-v3df" }, { "vulnerability": "VCID-3x3y-uf5e-m7hw" }, { "vulnerability": "VCID-4zg8-2vm9-ubch" }, { "vulnerability": "VCID-55x9-nh66-1qh5" }, { "vulnerability": "VCID-5821-1xss-8fdu" }, { "vulnerability": "VCID-6v3q-vxwh-wyd3" }, { "vulnerability": "VCID-73wt-yx56-tqd4" }, { "vulnerability": "VCID-757r-nv73-gfhg" }, { "vulnerability": "VCID-795n-caf2-fbcq" }, { "vulnerability": "VCID-7qhc-n6hc-ukbu" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-ardj-zyxg-9ued" }, { "vulnerability": "VCID-bxh1-7fvj-zybm" }, { "vulnerability": "VCID-c6xh-peyj-7baj" }, { "vulnerability": "VCID-ddmy-kcmb-s7g7" }, { "vulnerability": "VCID-ezsv-96h9-x3ah" }, { "vulnerability": "VCID-fbqa-6fpw-kyg9" }, { "vulnerability": "VCID-g6px-rqtp-vqev" }, { "vulnerability": "VCID-gaay-gs4k-5fba" }, { "vulnerability": "VCID-gt4j-am1s-ckan" }, { "vulnerability": "VCID-gvey-a924-8qhf" }, { "vulnerability": "VCID-h6c2-e5qv-myg8" }, { "vulnerability": "VCID-j1yc-pqhw-pbh1" }, { "vulnerability": "VCID-j545-f44v-w3cn" }, { "vulnerability": "VCID-jgec-wuca-bbf1" }, { "vulnerability": "VCID-ksza-1wkb-hug6" }, { "vulnerability": "VCID-n2z8-yesj-9bea" }, { "vulnerability": "VCID-nqz7-ej49-ckay" }, { "vulnerability": "VCID-pyjy-13mt-cyck" }, { "vulnerability": "VCID-re2h-u5bk-wqbw" }, { "vulnerability": "VCID-swh1-rvuw-jqfx" }, { "vulnerability": "VCID-v4qa-rqty-p7fs" }, { "vulnerability": "VCID-vbkh-vghp-qqht" }, { "vulnerability": "VCID-yy7m-f66v-fbhz" }, { "vulnerability": "VCID-ze3s-89wm-2kg2" }, { "vulnerability": "VCID-zw77-b3nt-gbag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/51568?format=api", "purl": "pkg:composer/drupal/core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-163u-tpj9-skc5" }, { "vulnerability": "VCID-1jfe-j1fz-juec" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-1unn-dn56-vufe" }, { "vulnerability": "VCID-1xsh-7f63-v3df" }, { "vulnerability": "VCID-2bnn-1wmq-ckdd" }, { "vulnerability": "VCID-3k2a-rajw-87cb" }, { "vulnerability": "VCID-3x3y-uf5e-m7hw" }, { "vulnerability": "VCID-49e1-axzk-3bdq" }, { "vulnerability": "VCID-4p5n-ujzt-qfdx" }, { "vulnerability": "VCID-4un9-k6n8-nffu" }, { "vulnerability": "VCID-51ze-a1zm-ukey" }, { "vulnerability": "VCID-55x9-nh66-1qh5" }, { "vulnerability": "VCID-5821-1xss-8fdu" }, { "vulnerability": "VCID-5txj-xsnq-ducf" }, { "vulnerability": "VCID-757r-nv73-gfhg" }, { "vulnerability": "VCID-7kzf-7csh-wkds" }, { "vulnerability": "VCID-7qhc-n6hc-ukbu" }, { "vulnerability": "VCID-8fxw-fw46-yuar" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-9ju9-nhf2-wfbe" }, { "vulnerability": "VCID-9ux4-434v-jbb9" }, { "vulnerability": "VCID-ardj-zyxg-9ued" }, { "vulnerability": "VCID-az1b-uzab-jqdh" }, { "vulnerability": "VCID-b2x6-54c3-jqa2" }, { "vulnerability": "VCID-bnw7-px2h-ubha" }, { "vulnerability": "VCID-cfty-fvf7-3kcx" }, { "vulnerability": "VCID-d173-npte-yqdt" }, { "vulnerability": "VCID-dhzk-3ek4-2uf8" }, { "vulnerability": "VCID-e8mp-5awh-eybz" }, { "vulnerability": "VCID-ejt8-umuh-g7e7" }, { "vulnerability": "VCID-ezsv-96h9-x3ah" }, { "vulnerability": "VCID-f687-ubdn-37en" }, { "vulnerability": "VCID-fmc9-t9a1-5fcx" }, { "vulnerability": "VCID-fmyh-mnq6-uyb9" }, { "vulnerability": "VCID-fx6n-du84-yya2" }, { "vulnerability": "VCID-fy43-ubmr-pfhu" }, { "vulnerability": "VCID-g3u3-6dza-gkg7" }, { "vulnerability": "VCID-g6px-rqtp-vqev" }, { "vulnerability": "VCID-gr7c-tbh9-ayh6" }, { "vulnerability": "VCID-h93x-dbpr-q7cz" }, { "vulnerability": "VCID-hz2k-at38-wbeb" }, { "vulnerability": "VCID-j1yc-pqhw-pbh1" }, { "vulnerability": "VCID-j2g3-u36y-nqdv" }, { "vulnerability": "VCID-j4r9-8g22-vydm" }, { "vulnerability": "VCID-j545-f44v-w3cn" }, { "vulnerability": "VCID-j59x-5swn-fuga" }, { "vulnerability": "VCID-j7zf-w99n-nfcf" }, { "vulnerability": "VCID-jgec-wuca-bbf1" }, { "vulnerability": "VCID-jyzy-3fjs-b3fs" }, { "vulnerability": "VCID-kd54-616n-wbcw" }, { "vulnerability": "VCID-ksza-1wkb-hug6" }, { "vulnerability": "VCID-ktfj-va32-2kbe" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-n6tq-72g7-afdg" }, { "vulnerability": "VCID-nf7d-x5nj-d3dc" }, { "vulnerability": "VCID-nfzm-eyht-kkb1" }, { "vulnerability": "VCID-ngmk-qxmz-gkdz" }, { "vulnerability": "VCID-nqz7-ej49-ckay" }, { "vulnerability": "VCID-nszv-9z68-bqeu" }, { "vulnerability": "VCID-pbqh-x6zw-duhn" }, { "vulnerability": "VCID-phkw-q4nd-m7hh" }, { "vulnerability": "VCID-pyjy-13mt-cyck" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qf91-4h5f-fuhv" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-re2h-u5bk-wqbw" }, { "vulnerability": "VCID-s6ek-bjnx-9fc1" }, { "vulnerability": "VCID-s8d1-k9q4-nkds" }, { "vulnerability": "VCID-sbnt-qndd-xubz" }, { "vulnerability": "VCID-svhr-wt5d-xbbq" }, { "vulnerability": "VCID-swh1-rvuw-jqfx" }, { "vulnerability": "VCID-ta2u-bd9e-nfc7" }, { "vulnerability": "VCID-tv1h-9yxp-ryap" }, { "vulnerability": "VCID-txkf-hpah-r3hu" }, { "vulnerability": "VCID-ty8g-qrbm-cuf3" }, { "vulnerability": "VCID-unh6-xwtu-mkbt" }, { "vulnerability": "VCID-v2h1-1cfd-muft" }, { "vulnerability": "VCID-v4qa-rqty-p7fs" }, { "vulnerability": "VCID-vbkh-vghp-qqht" }, { "vulnerability": "VCID-vby4-6r8z-6qgy" }, { "vulnerability": "VCID-vtwk-c1zr-jue5" }, { "vulnerability": "VCID-vzwv-ueuz-myar" }, { "vulnerability": "VCID-w85b-dws8-uyf1" }, { "vulnerability": "VCID-w9xe-83yw-mbhy" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-yy7m-f66v-fbhz" }, { "vulnerability": "VCID-z833-upr5-4ug5" }, { "vulnerability": "VCID-zhxf-bmyy-wff6" }, { "vulnerability": "VCID-zw77-b3nt-gbag" }, { "vulnerability": "VCID-zye6-b5h4-kqch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/56656?format=api", "purl": "pkg:composer/drupal/core@8.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-163u-tpj9-skc5" }, { "vulnerability": "VCID-1jfe-j1fz-juec" }, { "vulnerability": "VCID-5txj-xsnq-ducf" }, { "vulnerability": "VCID-757r-nv73-gfhg" }, { "vulnerability": "VCID-795n-caf2-fbcq" }, { "vulnerability": "VCID-7qhc-n6hc-ukbu" }, { "vulnerability": "VCID-ezsv-96h9-x3ah" }, { "vulnerability": "VCID-fmc9-t9a1-5fcx" }, { "vulnerability": "VCID-gr7c-tbh9-ayh6" }, { "vulnerability": "VCID-h6c2-e5qv-myg8" }, { "vulnerability": "VCID-j4r9-8g22-vydm" }, { "vulnerability": "VCID-j545-f44v-w3cn" }, { "vulnerability": "VCID-nfzm-eyht-kkb1" }, { "vulnerability": "VCID-pyjy-13mt-cyck" }, { "vulnerability": "VCID-re2h-u5bk-wqbw" }, { "vulnerability": "VCID-vby4-6r8z-6qgy" }, { "vulnerability": "VCID-yy7m-f66v-fbhz" }, { "vulnerability": "VCID-zw77-b3nt-gbag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/55775?format=api", "purl": "pkg:composer/drupal/drupal@7.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1xsh-7f63-v3df" }, { "vulnerability": "VCID-4yqy-eqn7-wkcf" }, { "vulnerability": "VCID-5821-1xss-8fdu" }, { "vulnerability": "VCID-7qhc-n6hc-ukbu" }, { "vulnerability": "VCID-99sr-urzq-8few" }, { "vulnerability": "VCID-ardj-zyxg-9ued" }, { "vulnerability": "VCID-bxh1-7fvj-zybm" }, { "vulnerability": "VCID-c6xh-peyj-7baj" }, { "vulnerability": "VCID-ddmy-kcmb-s7g7" }, { "vulnerability": "VCID-ecke-bvya-aud5" }, { "vulnerability": "VCID-ey3a-eeqb-7fdq" }, { "vulnerability": "VCID-gaay-gs4k-5fba" }, { "vulnerability": "VCID-gt4j-am1s-ckan" }, { "vulnerability": "VCID-gvey-a924-8qhf" }, { "vulnerability": "VCID-h6c2-e5qv-myg8" }, { "vulnerability": "VCID-hp2b-trqy-ubfx" }, { "vulnerability": "VCID-hqyt-nhb4-4ycr" }, { "vulnerability": "VCID-j1yc-pqhw-pbh1" }, { "vulnerability": "VCID-j545-f44v-w3cn" }, { "vulnerability": "VCID-janh-95vp-bqfh" }, { "vulnerability": "VCID-jgec-wuca-bbf1" }, { "vulnerability": "VCID-ksza-1wkb-hug6" }, { "vulnerability": "VCID-mq6q-svzv-9fd1" }, { "vulnerability": "VCID-n2z8-yesj-9bea" }, { "vulnerability": "VCID-nqz7-ej49-ckay" }, { "vulnerability": "VCID-pyjy-13mt-cyck" }, { "vulnerability": "VCID-qdwc-2mrq-6qgk" }, { "vulnerability": "VCID-swh1-rvuw-jqfx" }, { "vulnerability": "VCID-tj7d-ydqk-6kga" }, { "vulnerability": "VCID-ukc1-s92n-yydh" }, { "vulnerability": "VCID-v4qa-rqty-p7fs" }, { "vulnerability": "VCID-vbkh-vghp-qqht" }, { "vulnerability": "VCID-yy7m-f66v-fbhz" }, { "vulnerability": "VCID-zd4q-kddb-t3ha" }, { "vulnerability": "VCID-ze3s-89wm-2kg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@7.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/51570?format=api", "purl": "pkg:composer/drupal/drupal@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1unn-dn56-vufe" }, { "vulnerability": "VCID-1xsh-7f63-v3df" }, { "vulnerability": "VCID-2bnn-1wmq-ckdd" }, { "vulnerability": "VCID-2yyq-kyeu-uufc" }, { "vulnerability": "VCID-3k2a-rajw-87cb" }, { "vulnerability": "VCID-4p5n-ujzt-qfdx" }, { "vulnerability": "VCID-4un9-k6n8-nffu" }, { "vulnerability": "VCID-4yqy-eqn7-wkcf" }, { "vulnerability": "VCID-4zg8-2vm9-ubch" }, { "vulnerability": "VCID-51ze-a1zm-ukey" }, { "vulnerability": "VCID-55x9-nh66-1qh5" }, { "vulnerability": "VCID-5821-1xss-8fdu" }, { "vulnerability": "VCID-5txj-xsnq-ducf" }, { "vulnerability": "VCID-7kzf-7csh-wkds" }, { "vulnerability": "VCID-7qhc-n6hc-ukbu" }, { "vulnerability": "VCID-8fxw-fw46-yuar" }, { "vulnerability": "VCID-99sr-urzq-8few" }, { "vulnerability": "VCID-aknt-8ey4-m7hr" }, { "vulnerability": "VCID-ardj-zyxg-9ued" }, { "vulnerability": "VCID-az1b-uzab-jqdh" }, { "vulnerability": "VCID-b2x6-54c3-jqa2" }, { "vulnerability": "VCID-bavm-v6d9-sqd9" }, { "vulnerability": "VCID-bhyk-vjnk-e3af" }, { "vulnerability": "VCID-cfty-fvf7-3kcx" }, { "vulnerability": "VCID-crny-qmhc-tqfm" }, { "vulnerability": "VCID-d173-npte-yqdt" }, { "vulnerability": "VCID-dhzk-3ek4-2uf8" }, { "vulnerability": "VCID-e8mp-5awh-eybz" }, { "vulnerability": "VCID-e9pt-c5az-ebe2" }, { "vulnerability": "VCID-ejt8-umuh-g7e7" }, { "vulnerability": "VCID-f687-ubdn-37en" }, { "vulnerability": "VCID-f81c-sjqn-wbc3" }, { "vulnerability": "VCID-fbqa-6fpw-kyg9" }, { "vulnerability": "VCID-fmyh-mnq6-uyb9" }, { "vulnerability": "VCID-fx6n-du84-yya2" }, { "vulnerability": "VCID-g3u3-6dza-gkg7" }, { "vulnerability": "VCID-h93x-dbpr-q7cz" }, { "vulnerability": "VCID-hqyt-nhb4-4ycr" }, { "vulnerability": "VCID-hz2k-at38-wbeb" }, { "vulnerability": "VCID-j1yc-pqhw-pbh1" }, { "vulnerability": "VCID-j2g3-u36y-nqdv" }, { "vulnerability": "VCID-j545-f44v-w3cn" }, { "vulnerability": "VCID-j7zf-w99n-nfcf" }, { "vulnerability": "VCID-jecz-bm88-9uf1" }, { "vulnerability": "VCID-jgec-wuca-bbf1" }, { "vulnerability": "VCID-kd54-616n-wbcw" }, { "vulnerability": "VCID-kymb-9kr6-fkd7" }, { "vulnerability": "VCID-n5ur-2ytr-qbh5" }, { "vulnerability": "VCID-n6tq-72g7-afdg" }, { "vulnerability": "VCID-nqz7-ej49-ckay" }, { "vulnerability": "VCID-nszv-9z68-bqeu" }, { "vulnerability": "VCID-p6q6-apzp-pbbh" }, { "vulnerability": "VCID-pbqh-x6zw-duhn" }, { "vulnerability": "VCID-phkw-q4nd-m7hh" }, { "vulnerability": "VCID-pyjy-13mt-cyck" }, { "vulnerability": "VCID-qdwc-2mrq-6qgk" }, { "vulnerability": "VCID-qf91-4h5f-fuhv" }, { "vulnerability": "VCID-s8d1-k9q4-nkds" }, { "vulnerability": "VCID-sbnt-qndd-xubz" }, { "vulnerability": "VCID-svhr-wt5d-xbbq" }, { "vulnerability": "VCID-ta2u-bd9e-nfc7" }, { "vulnerability": "VCID-tj7d-ydqk-6kga" }, { "vulnerability": "VCID-ukc1-s92n-yydh" }, { "vulnerability": "VCID-unh6-xwtu-mkbt" }, { "vulnerability": "VCID-v2h1-1cfd-muft" }, { "vulnerability": "VCID-v4qa-rqty-p7fs" }, { "vulnerability": "VCID-vbkh-vghp-qqht" }, { "vulnerability": "VCID-vtwk-c1zr-jue5" }, { "vulnerability": "VCID-vzwv-ueuz-myar" }, { "vulnerability": "VCID-w85b-dws8-uyf1" }, { "vulnerability": "VCID-w9xe-83yw-mbhy" }, { "vulnerability": "VCID-waz7-ejwd-d3eh" }, { "vulnerability": "VCID-x5b9-68nh-rucd" }, { "vulnerability": "VCID-yy7m-f66v-fbhz" }, { "vulnerability": "VCID-zd4q-kddb-t3ha" }, { "vulnerability": "VCID-zhxf-bmyy-wff6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/56662?format=api", "purl": "pkg:composer/drupal/drupal@8.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2yyq-kyeu-uufc" }, { "vulnerability": "VCID-5txj-xsnq-ducf" }, { "vulnerability": "VCID-7qhc-n6hc-ukbu" }, { "vulnerability": "VCID-99sr-urzq-8few" }, { "vulnerability": "VCID-crny-qmhc-tqfm" }, { "vulnerability": "VCID-h6c2-e5qv-myg8" }, { "vulnerability": "VCID-j545-f44v-w3cn" }, { "vulnerability": "VCID-n5ur-2ytr-qbh5" }, { "vulnerability": "VCID-p6q6-apzp-pbbh" }, { "vulnerability": "VCID-pyjy-13mt-cyck" }, { "vulnerability": "VCID-qdwc-2mrq-6qgk" }, { "vulnerability": "VCID-tj7d-ydqk-6kga" }, { "vulnerability": "VCID-ukc1-s92n-yydh" }, { "vulnerability": "VCID-waz7-ejwd-d3eh" }, { "vulnerability": "VCID-x5b9-68nh-rucd" }, { "vulnerability": "VCID-yy7m-f66v-fbhz" }, { "vulnerability": "VCID-zd4q-kddb-t3ha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.0" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.9441", "scoring_system": "epss", "scoring_elements": "0.99979", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6340" }, { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6340", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6340" }, { "reference_url": "https://www.drupal.org/sa-core-2019-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "https://www.drupal.org/sa-core-2019-003" }, { "reference_url": "https://www.exploit-db.com/exploits/46452", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46452" }, { "reference_url": "https://www.exploit-db.com/exploits/46459", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46459" }, { "reference_url": "https://www.exploit-db.com/exploits/46510", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46510" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_09", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_09" }, { "reference_url": "http://www.securityfocus.com/bid/107106", "reference_id": "107106", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "http://www.securityfocus.com/bid/107106" }, { "reference_url": "https://www.exploit-db.com/exploits/46452/", "reference_id": "46452", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "https://www.exploit-db.com/exploits/46452/" }, { "reference_url": "https://www.exploit-db.com/exploits/46459/", "reference_id": "46459", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "https://www.exploit-db.com/exploits/46459/" }, { "reference_url": "https://www.exploit-db.com/exploits/46510/", "reference_id": "46510", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "https://www.exploit-db.com/exploits/46510/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46510.rb", "reference_id": "CVE-2019-6340", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46510.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46452.txt", "reference_id": "CVE-2019-6340", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46452.txt" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46459.py", "reference_id": "CVE-2019-6340", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46459.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6340", "reference_id": "CVE-2019-6340", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6340" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/6ff18828c0273b7170469939a49e4b063d561799/modules/exploits/unix/webapp/drupal_restws_unserialize.rb", "reference_id": "CVE-2019-6340", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/6ff18828c0273b7170469939a49e4b063d561799/modules/exploits/unix/webapp/drupal_restws_unserialize.rb" }, { "reference_url": "https://www.ambionics.io/blog/drupal8-rce", "reference_id": "CVE-2019-6340", "reference_type": "exploit", "scores": [], "url": "https://www.ambionics.io/blog/drupal8-rce" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6340.yaml", "reference_id": "CVE-2019-6340.YAML", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6340.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6340.yaml", "reference_id": "CVE-2019-6340.YAML", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6340.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3gx6-h57h-rm27", "reference_id": "GHSA-3gx6-h57h-rm27", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3gx6-h57h-rm27" } ], "weaknesses": [ { "cwe_id": 502, "name": "Deserialization of Untrusted Data", "description": "The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [ { "date_added": "2022-03-25", "description": "In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.", "required_action": "Apply updates per vendor instructions.", "due_date": "2022-04-15", "notes": "https://nvd.nist.gov/vuln/detail/CVE-2019-6340", "known_ransomware_campaign_use": false, "source_date_published": null, "exploit_type": null, "platform": null, "source_date_updated": null, "data_source": "KEV", "source_url": null }, { "date_added": null, "description": "This module exploits a PHP unserialize() vulnerability in Drupal RESTful\n Web Services by sending a crafted request to the /node REST endpoint.\n\n As per SA-CORE-2019-003, the initial remediation was to disable POST,\n PATCH, and PUT, but Ambionics discovered that GET was also vulnerable\n (albeit cached). Cached nodes can be exploited only once.\n\n Drupal updated SA-CORE-2019-003 with PSA-2019-02-22 to notify users of\n this alternate vector.\n\n Drupal < 8.5.11 and < 8.6.10 are vulnerable.", "required_action": null, "due_date": null, "notes": "AKA:\n - SA-CORE-2019-003\nStability:\n - crash-safe\nSideEffects:\n - ioc-in-logs\nReliability:\n - unreliable-session\n", "known_ransomware_campaign_use": false, "source_date_published": "2019-02-20", "exploit_type": null, "platform": "PHP,Unix", "source_date_updated": null, "data_source": "Metasploit", "source_url": "https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/webapp/drupal_restws_unserialize.rb" }, { "date_added": "2019-02-25", "description": "Drupal < 8.6.9 - REST Module Remote Code Execution", "required_action": null, "due_date": null, "notes": null, "known_ransomware_campaign_use": false, "source_date_published": "2019-02-25", "exploit_type": "webapps", "platform": "php", "source_date_updated": "2019-02-25", "data_source": "Exploit-DB", "source_url": "" } ], "severity_range_score": "7.0 - 8.9", "exploitability": "2.0", "weighted_severity": "8.0", "risk_score": 10.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pyjy-13mt-cyck" }