| purl | pkg:composer/drupal/core@8.6.0-beta1 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-163u-tpj9-skc5 Aliases: GMS-2019-147 | Cross-site Scripting vulnerability in drupal. | Affected by 16 other vulnerabilities. |
| VCID-1jfe-j1fz-juec Aliases: GMS-2018-54 | URL Redirection to Untrusted Site ('Open Redirect') Anonymous Open Redirect in drupal. | Affected by 20 other vulnerabilities. |
| VCID-1xsh-7f63-v3df Aliases: CVE-2020-13672, GHSA-3m36-mjwj-352c | multiple issues | Affected by 6 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 6 other vulnerabilities. |
| VCID-49e1-axzk-3bdq Aliases: CVE-2020-13674, GHSA-j586-cj67-vg4p | multiple issues | Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 5 other vulnerabilities. |
| VCID-4p5n-ujzt-qfdx Aliases: CVE-2020-13669, GHSA-c533-c843-67h8 | Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. | Affected by 10 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 7 other vulnerabilities. |
| VCID-5qvn-f9d3-kygg Aliases: CVE-2022-39261, GHSA-52m2-vc4m-jj33 | | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-757r-nv73-gfhg Aliases: GMS-2018-55 | Code Injection Injection in `DefaultMailSystem::mail()`. | Affected by 20 other vulnerabilities. |
| VCID-7qhc-n6hc-ukbu Aliases: CVE-2019-11831, GHSA-xv7v-rf6g-xwrc | Moderately critical - Third-party libraries - SA-CORE-2019-007 The `PharStreamWrapper` (aka `phar-stream-wrapper`) package does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a `phar:///path/bad.phar/../good.phar` URL. | Affected by 12 other vulnerabilities. Affected by 15 other vulnerabilities. |
| VCID-b2x6-54c3-jqa2 Aliases: CVE-2022-24775, GHSA-q7rv-6hp3-vh96 | Improper Input Validation guzzlehttp/psr7 is a PSR-7 HTTP message library used in drupal. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. | Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
| VCID-f687-ubdn-37en Aliases: CVE-2020-13670, GHSA-mmjr-5q74-p3m4 | Exposure of Resource to Wrong Sphere Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. | Affected by 10 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 7 other vulnerabilities. |
| VCID-j545-f44v-w3cn Aliases: CVE-2019-6339, GHSA-8cw5-rv98-5c46 | Improper Input Validation A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted `phar://` URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration. | Affected by 18 other vulnerabilities. |
| VCID-j59x-5swn-fuga Aliases: CVE-2020-13677, GHSA-3xr3-phjp-g6p2 | multiple issues | Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 5 other vulnerabilities. |
| VCID-jgec-wuca-bbf1 Aliases: CVE-2020-13671, GHSA-68jc-v27h-vhmw | Drupal core Unrestricted Upload of File with Dangerous Type Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74. | Affected by 9 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 6 other vulnerabilities. |
| VCID-n6tq-72g7-afdg Aliases: CVE-2020-13668, GHSA-m6q5-wv4x-fv6h | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. | Affected by 10 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 7 other vulnerabilities. |
| VCID-nfzm-eyht-kkb1 Aliases: GMS-2018-52 | Improper Access Control in drupal. | Affected by 20 other vulnerabilities. |
| VCID-ngmk-qxmz-gkdz Aliases: CVE-2020-13675, GHSA-v8wr-r69p-mmwx | multiple issues | Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 5 other vulnerabilities. |
| VCID-re2h-u5bk-wqbw Aliases: GMS-2018-53 | URL Redirection to Untrusted Site ('Open Redirect') External URL injection through URL aliases in drupal. | Affected by 20 other vulnerabilities. |
| VCID-s6ek-bjnx-9fc1 Aliases: CVE-2020-13676, GHSA-qfhg-m6r8-xxpj | multiple issues | Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 5 other vulnerabilities. |
| VCID-swh1-rvuw-jqfx Aliases: CVE-2020-28948, GHSA-jh5x-hfhg-78jq | | Affected by 8 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 2 other vulnerabilities. |
| VCID-vby4-6r8z-6qgy Aliases: GMS-2018-56 | Improper Access Control In some conditions, content moderation fails to check a user's access to use certain transitions, leading to an access bypass. | Affected by 20 other vulnerabilities. |
| VCID-yy7m-f66v-fbhz Aliases: CVE-2019-6338, GHSA-6rmq-x2hv-vxpp | Deserialization of Untrusted Data Drupal core uses the third-party PEAR `Archive_Tar` library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details. | Affected by 18 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |