Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/drupal/core@7.42.0
purl pkg:composer/drupal/core@7.42.0
Tags Ghost
Next non-vulnerable version 10.4.9
Latest non-vulnerable version 11.2.8
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-we42-mkyk-hfer
Aliases:
CVE-2016-3169
GHSA-q3p9-8728-wq7x
Saving user accounts can sometimes grant the user all roles The User module in Drupal allows remote attackers to gain privileges by leveraging contributed or custom code that calls the `user_save` function with an explicit category and loads all roles into the array.
7.43.0
Affected by 0 other vulnerabilities.
8.0.0
Affected by 95 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T12:47:02.052648+00:00 GitLab Importer Affected by VCID-we42-mkyk-hfer https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2016-3169.yml 38.0.0