| 0 |
| url |
VCID-1hfc-zbn8-5khn |
| vulnerability_id |
VCID-1hfc-zbn8-5khn |
| summary |
Drupal core uses a vulnerable Third-party library CKEditor |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.7.12 |
| purl |
pkg:composer/drupal/drupal@8.7.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 1 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 2 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 3 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 4 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 5 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 6 |
| vulnerability |
VCID-jp51-ftxv-4ud9 |
|
| 7 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 8 |
| vulnerability |
VCID-kufg-z717-b7hm |
|
| 9 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 10 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 11 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 12 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 13 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 14 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 15 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 16 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.12 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.8.4 |
| purl |
pkg:composer/drupal/drupal@8.8.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w42-v1sq-fkac |
|
| 1 |
| vulnerability |
VCID-227y-mp79-jydd |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 5 |
| vulnerability |
VCID-6j4t-zjnf-fbd3 |
|
| 6 |
| vulnerability |
VCID-7r9b-pzqb-cqea |
|
| 7 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 8 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 9 |
| vulnerability |
VCID-ggb3-jgrj-hken |
|
| 10 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 11 |
| vulnerability |
VCID-jp51-ftxv-4ud9 |
|
| 12 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 13 |
| vulnerability |
VCID-kufg-z717-b7hm |
|
| 14 |
| vulnerability |
VCID-muhk-wbuy-97bu |
|
| 15 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 16 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 17 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 18 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 19 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 20 |
| vulnerability |
VCID-xrzg-mcnq-vqdb |
|
| 21 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 22 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 23 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.4 |
|
|
| aliases |
GHSA-337w-fxpq-5m34
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1hfc-zbn8-5khn |
|
| 1 |
| url |
VCID-1njn-2hyh-hyhn |
| vulnerability_id |
VCID-1njn-2hyh-hyhn |
| summary |
Cross-site Scripting
XSS vulnerabiltiy in drupal. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.4.7 |
| purl |
pkg:composer/drupal/drupal@8.4.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1up8-x9s6-vbd5 |
|
| 2 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 3 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 4 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 5 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 6 |
| vulnerability |
VCID-4z8y-2e7d-7qhb |
|
| 7 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 8 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 9 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 10 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 11 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 12 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 13 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 14 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 15 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 16 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 17 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 18 |
| vulnerability |
VCID-krjp-u36k-17fs |
|
| 19 |
| vulnerability |
VCID-krqe-tg7a-yuex |
|
| 20 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 21 |
| vulnerability |
VCID-nbzz-f1n8-mbdw |
|
| 22 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 23 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 24 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 25 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 26 |
| vulnerability |
VCID-t33g-z4ps-ykcy |
|
| 27 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 28 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 29 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 30 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 31 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 32 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 33 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 34 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 35 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 36 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.7 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.5.0-alpha1 |
| purl |
pkg:composer/drupal/drupal@8.5.0-alpha1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1up8-x9s6-vbd5 |
|
| 2 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 3 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 4 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 5 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 6 |
| vulnerability |
VCID-4z8y-2e7d-7qhb |
|
| 7 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 8 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 9 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 10 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 11 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 12 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 13 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 14 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 15 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 16 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 17 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 18 |
| vulnerability |
VCID-krqe-tg7a-yuex |
|
| 19 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 20 |
| vulnerability |
VCID-nbzz-f1n8-mbdw |
|
| 21 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 22 |
| vulnerability |
VCID-qec2-bj92-pue9 |
|
| 23 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 24 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 25 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 26 |
| vulnerability |
VCID-t33g-z4ps-ykcy |
|
| 27 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 28 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 29 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 30 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 31 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 32 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 33 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 34 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 35 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 36 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.0-alpha1 |
|
| 2 |
| url |
pkg:composer/drupal/drupal@8.5.2 |
| purl |
pkg:composer/drupal/drupal@8.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1up8-x9s6-vbd5 |
|
| 2 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 3 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 4 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 5 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 6 |
| vulnerability |
VCID-4z8y-2e7d-7qhb |
|
| 7 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 8 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 9 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 10 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 11 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 12 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 13 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 14 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 15 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 16 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 17 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 18 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 19 |
| vulnerability |
VCID-krjp-u36k-17fs |
|
| 20 |
| vulnerability |
VCID-krqe-tg7a-yuex |
|
| 21 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 22 |
| vulnerability |
VCID-nbzz-f1n8-mbdw |
|
| 23 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 24 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 25 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 26 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 27 |
| vulnerability |
VCID-t33g-z4ps-ykcy |
|
| 28 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 29 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 30 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 31 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 32 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 33 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 34 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 35 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 36 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 37 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.2 |
|
|
| aliases |
GMS-2018-57
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1njn-2hyh-hyhn |
|
| 2 |
| url |
VCID-1up8-x9s6-vbd5 |
| vulnerability_id |
VCID-1up8-x9s6-vbd5 |
| summary |
Drupal Anonymous Open Redirect |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.5.8 |
| purl |
pkg:composer/drupal/drupal@8.5.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 9 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 10 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 11 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 12 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 13 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 14 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 15 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 16 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 17 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 18 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 19 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 20 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 21 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 22 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 23 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 24 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 25 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 26 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 27 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 28 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 29 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 30 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 31 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.6.2 |
| purl |
pkg:composer/drupal/drupal@8.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 9 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 10 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 11 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 12 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 13 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 14 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 15 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 16 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 17 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 18 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 19 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 20 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 21 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 22 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 23 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 24 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 25 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 26 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2 |
|
|
| aliases |
GHSA-x6v2-xmrq-574j
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1up8-x9s6-vbd5 |
|
| 3 |
| url |
VCID-26az-uqef-w7aq |
| vulnerability_id |
VCID-26az-uqef-w7aq |
| summary |
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.7.11 |
| purl |
pkg:composer/drupal/drupal@8.7.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 2 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 3 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 4 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 5 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 6 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 7 |
| vulnerability |
VCID-hfsr-jhw7-b3ap |
|
| 8 |
| vulnerability |
VCID-jp51-ftxv-4ud9 |
|
| 9 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 10 |
| vulnerability |
VCID-kufg-z717-b7hm |
|
| 11 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 12 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 13 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 14 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 15 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 16 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 17 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 18 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.8.1 |
| purl |
pkg:composer/drupal/drupal@8.8.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1w42-v1sq-fkac |
|
| 2 |
| vulnerability |
VCID-227y-mp79-jydd |
|
| 3 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 4 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-6j4t-zjnf-fbd3 |
|
| 7 |
| vulnerability |
VCID-7r9b-pzqb-cqea |
|
| 8 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 9 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 10 |
| vulnerability |
VCID-ggb3-jgrj-hken |
|
| 11 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 12 |
| vulnerability |
VCID-hfsr-jhw7-b3ap |
|
| 13 |
| vulnerability |
VCID-jp51-ftxv-4ud9 |
|
| 14 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 15 |
| vulnerability |
VCID-kufg-z717-b7hm |
|
| 16 |
| vulnerability |
VCID-muhk-wbuy-97bu |
|
| 17 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 18 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 19 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 20 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 21 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 22 |
| vulnerability |
VCID-xrzg-mcnq-vqdb |
|
| 23 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 24 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 25 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1 |
|
|
| aliases |
GHSA-m9fv-whq2-6wmc
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-26az-uqef-w7aq |
|
| 4 |
| url |
VCID-26ck-rher-hfg4 |
| vulnerability_id |
VCID-26ck-rher-hfg4 |
| summary |
A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://www.drupal.org/sa-core-2024-004 |
| reference_id |
sa-core-2024-004 |
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T16:38:29Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2024-004 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-55634, GHSA-7cwc-fjqm-8vh8
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-26ck-rher-hfg4 |
|
| 5 |
| url |
VCID-28cu-un2e-xub7 |
| vulnerability_id |
VCID-28cu-un2e-xub7 |
| summary |
security update |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.4.5 |
| purl |
pkg:composer/drupal/drupal@8.4.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1njn-2hyh-hyhn |
|
| 2 |
| vulnerability |
VCID-1up8-x9s6-vbd5 |
|
| 3 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 4 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 5 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 6 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 7 |
| vulnerability |
VCID-4z8y-2e7d-7qhb |
|
| 8 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 9 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 10 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 11 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 12 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 13 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 14 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 15 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 16 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 17 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 18 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 19 |
| vulnerability |
VCID-krjp-u36k-17fs |
|
| 20 |
| vulnerability |
VCID-krqe-tg7a-yuex |
|
| 21 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 22 |
| vulnerability |
VCID-ku79-by46-s3h9 |
|
| 23 |
| vulnerability |
VCID-nbzz-f1n8-mbdw |
|
| 24 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 25 |
| vulnerability |
VCID-qec2-bj92-pue9 |
|
| 26 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 27 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 28 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 29 |
| vulnerability |
VCID-t33g-z4ps-ykcy |
|
| 30 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 31 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 32 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 33 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 34 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 35 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 36 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 37 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 38 |
| vulnerability |
VCID-zt27-b3qc-fbac |
|
| 39 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 40 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5 |
|
|
| aliases |
CVE-2017-6932, GHSA-wm86-w3cf-h6vm
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-28cu-un2e-xub7 |
|
| 6 |
| url |
VCID-2wdn-8583-v3dg |
| vulnerability_id |
VCID-2wdn-8583-v3dg |
| summary |
Exposure of Resource to Wrong Sphere in Drupal Core |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.8.10 |
| purl |
pkg:composer/drupal/drupal@8.8.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w42-v1sq-fkac |
|
| 1 |
| vulnerability |
VCID-227y-mp79-jydd |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 4 |
| vulnerability |
VCID-7r9b-pzqb-cqea |
|
| 5 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 6 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 7 |
| vulnerability |
VCID-ggb3-jgrj-hken |
|
| 8 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 9 |
| vulnerability |
VCID-muhk-wbuy-97bu |
|
| 10 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 11 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 12 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 13 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 14 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 15 |
| vulnerability |
VCID-xrzg-mcnq-vqdb |
|
| 16 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 17 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.10 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.9.6 |
| purl |
pkg:composer/drupal/drupal@8.9.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w42-v1sq-fkac |
|
| 1 |
| vulnerability |
VCID-227y-mp79-jydd |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 4 |
| vulnerability |
VCID-7r9b-pzqb-cqea |
|
| 5 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 6 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 7 |
| vulnerability |
VCID-ggb3-jgrj-hken |
|
| 8 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 9 |
| vulnerability |
VCID-muhk-wbuy-97bu |
|
| 10 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 11 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 12 |
| vulnerability |
VCID-sqp3-huku-rqcc |
|
| 13 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 14 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 15 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 16 |
| vulnerability |
VCID-xrzg-mcnq-vqdb |
|
| 17 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 18 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.6 |
|
| 2 |
| url |
pkg:composer/drupal/drupal@9.0.6 |
| purl |
pkg:composer/drupal/drupal@9.0.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w42-v1sq-fkac |
|
| 1 |
| vulnerability |
VCID-227y-mp79-jydd |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 4 |
| vulnerability |
VCID-7r9b-pzqb-cqea |
|
| 5 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 6 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 7 |
| vulnerability |
VCID-ggb3-jgrj-hken |
|
| 8 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 9 |
| vulnerability |
VCID-muhk-wbuy-97bu |
|
| 10 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 11 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 12 |
| vulnerability |
VCID-sqp3-huku-rqcc |
|
| 13 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 14 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 15 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 16 |
| vulnerability |
VCID-xrzg-mcnq-vqdb |
|
| 17 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 18 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.6 |
|
|
| aliases |
CVE-2020-13670, GHSA-mmjr-5q74-p3m4
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2wdn-8583-v3dg |
|
| 7 |
| url |
VCID-4u3b-stye-77ah |
| vulnerability_id |
VCID-4u3b-stye-77ah |
| summary |
Drupal core Access control bypass |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.7.11 |
| purl |
pkg:composer/drupal/drupal@8.7.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 2 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 3 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 4 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 5 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 6 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 7 |
| vulnerability |
VCID-hfsr-jhw7-b3ap |
|
| 8 |
| vulnerability |
VCID-jp51-ftxv-4ud9 |
|
| 9 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 10 |
| vulnerability |
VCID-kufg-z717-b7hm |
|
| 11 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 12 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 13 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 14 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 15 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 16 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 17 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 18 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.8.1 |
| purl |
pkg:composer/drupal/drupal@8.8.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1w42-v1sq-fkac |
|
| 2 |
| vulnerability |
VCID-227y-mp79-jydd |
|
| 3 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 4 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-6j4t-zjnf-fbd3 |
|
| 7 |
| vulnerability |
VCID-7r9b-pzqb-cqea |
|
| 8 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 9 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 10 |
| vulnerability |
VCID-ggb3-jgrj-hken |
|
| 11 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 12 |
| vulnerability |
VCID-hfsr-jhw7-b3ap |
|
| 13 |
| vulnerability |
VCID-jp51-ftxv-4ud9 |
|
| 14 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 15 |
| vulnerability |
VCID-kufg-z717-b7hm |
|
| 16 |
| vulnerability |
VCID-muhk-wbuy-97bu |
|
| 17 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 18 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 19 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 20 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 21 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 22 |
| vulnerability |
VCID-xrzg-mcnq-vqdb |
|
| 23 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 24 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 25 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1 |
|
|
| aliases |
GHSA-5x28-3f32-x523
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4u3b-stye-77ah |
|
| 8 |
| url |
VCID-4z8y-2e7d-7qhb |
| vulnerability_id |
VCID-4z8y-2e7d-7qhb |
| summary |
Drupal core Remote Code Execution |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.5.8 |
| purl |
pkg:composer/drupal/drupal@8.5.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 9 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 10 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 11 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 12 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 13 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 14 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 15 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 16 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 17 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 18 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 19 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 20 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 21 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 22 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 23 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 24 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 25 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 26 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 27 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 28 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 29 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 30 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 31 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.6.2 |
| purl |
pkg:composer/drupal/drupal@8.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 9 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 10 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 11 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 12 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 13 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 14 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 15 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 16 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 17 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 18 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 19 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 20 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 21 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 22 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 23 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 24 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 25 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 26 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2 |
|
|
| aliases |
GHSA-jf8c-36vw-98x4
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4z8y-2e7d-7qhb |
|
| 9 |
| url |
VCID-57nk-7ugd-vucf |
| vulnerability_id |
VCID-57nk-7ugd-vucf |
| summary |
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
https://www.drupal.org/sa-core-2020-012 |
| reference_id |
sa-core-2020-012 |
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2020-012 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.8.11 |
| purl |
pkg:composer/drupal/drupal@8.8.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w42-v1sq-fkac |
|
| 1 |
| vulnerability |
VCID-227y-mp79-jydd |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-7r9b-pzqb-cqea |
|
| 4 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 5 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 6 |
| vulnerability |
VCID-ggb3-jgrj-hken |
|
| 7 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 8 |
| vulnerability |
VCID-muhk-wbuy-97bu |
|
| 9 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 10 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 11 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 12 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 13 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 14 |
| vulnerability |
VCID-xrzg-mcnq-vqdb |
|
| 15 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 16 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.11 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.9.9 |
| purl |
pkg:composer/drupal/drupal@8.9.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w42-v1sq-fkac |
|
| 1 |
| vulnerability |
VCID-227y-mp79-jydd |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-7r9b-pzqb-cqea |
|
| 4 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 5 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 6 |
| vulnerability |
VCID-ggb3-jgrj-hken |
|
| 7 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 8 |
| vulnerability |
VCID-muhk-wbuy-97bu |
|
| 9 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 10 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 11 |
| vulnerability |
VCID-sqp3-huku-rqcc |
|
| 12 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 13 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 14 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 15 |
| vulnerability |
VCID-xrzg-mcnq-vqdb |
|
| 16 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 17 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.9 |
|
| 2 |
| url |
pkg:composer/drupal/drupal@9.0.8 |
| purl |
pkg:composer/drupal/drupal@9.0.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w42-v1sq-fkac |
|
| 1 |
| vulnerability |
VCID-227y-mp79-jydd |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-7r9b-pzqb-cqea |
|
| 4 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 5 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 6 |
| vulnerability |
VCID-ggb3-jgrj-hken |
|
| 7 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 8 |
| vulnerability |
VCID-muhk-wbuy-97bu |
|
| 9 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 10 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 11 |
| vulnerability |
VCID-sqp3-huku-rqcc |
|
| 12 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 13 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 14 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 15 |
| vulnerability |
VCID-xrzg-mcnq-vqdb |
|
| 16 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 17 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.8 |
|
|
| aliases |
CVE-2020-13671, GHSA-68jc-v27h-vhmw
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-57nk-7ugd-vucf |
|
| 10 |
| url |
VCID-7sar-42a4-kqdy |
| vulnerability_id |
VCID-7sar-42a4-kqdy |
| summary |
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://www.exploit-db.com/exploits/52266 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://www.exploit-db.com/exploits/52266 |
|
| 6 |
| reference_url |
https://www.drupal.org/project/drupal/issues/3457781 |
| reference_id |
3457781 |
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/ |
|
|
| url |
https://www.drupal.org/project/drupal/issues/3457781 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-45440, GHSA-mg8j-w93w-xjgc
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7sar-42a4-kqdy |
|
| 11 |
| url |
VCID-agxw-t98a-j3bm |
| vulnerability_id |
VCID-agxw-t98a-j3bm |
| summary |
security update |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.4.0 |
| purl |
pkg:composer/drupal/drupal@8.4.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1njn-2hyh-hyhn |
|
| 2 |
| vulnerability |
VCID-1up8-x9s6-vbd5 |
|
| 3 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 4 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 5 |
| vulnerability |
VCID-28cu-un2e-xub7 |
|
| 6 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 7 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 8 |
| vulnerability |
VCID-4z8y-2e7d-7qhb |
|
| 9 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 10 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 11 |
| vulnerability |
VCID-agxw-t98a-j3bm |
|
| 12 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 13 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 14 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 15 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 16 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 17 |
| vulnerability |
VCID-fc3m-cktu-7uff |
|
| 18 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 19 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 20 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 21 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 22 |
| vulnerability |
VCID-krjp-u36k-17fs |
|
| 23 |
| vulnerability |
VCID-krqe-tg7a-yuex |
|
| 24 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 25 |
| vulnerability |
VCID-ku79-by46-s3h9 |
|
| 26 |
| vulnerability |
VCID-nbzz-f1n8-mbdw |
|
| 27 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 28 |
| vulnerability |
VCID-qec2-bj92-pue9 |
|
| 29 |
| vulnerability |
VCID-qtax-krps-1udn |
|
| 30 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 31 |
| vulnerability |
VCID-r7kh-gpy6-juht |
|
| 32 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 33 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 34 |
| vulnerability |
VCID-sgub-4xen-bbcy |
|
| 35 |
| vulnerability |
VCID-t33g-z4ps-ykcy |
|
| 36 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 37 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 38 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 39 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 40 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 41 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 42 |
| vulnerability |
VCID-xcck-137u-wyam |
|
| 43 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 44 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 45 |
| vulnerability |
VCID-zt27-b3qc-fbac |
|
| 46 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 47 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.0 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.4.5 |
| purl |
pkg:composer/drupal/drupal@8.4.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1njn-2hyh-hyhn |
|
| 2 |
| vulnerability |
VCID-1up8-x9s6-vbd5 |
|
| 3 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 4 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 5 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 6 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 7 |
| vulnerability |
VCID-4z8y-2e7d-7qhb |
|
| 8 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 9 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 10 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 11 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 12 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 13 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 14 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 15 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 16 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 17 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 18 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 19 |
| vulnerability |
VCID-krjp-u36k-17fs |
|
| 20 |
| vulnerability |
VCID-krqe-tg7a-yuex |
|
| 21 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 22 |
| vulnerability |
VCID-ku79-by46-s3h9 |
|
| 23 |
| vulnerability |
VCID-nbzz-f1n8-mbdw |
|
| 24 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 25 |
| vulnerability |
VCID-qec2-bj92-pue9 |
|
| 26 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 27 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 28 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 29 |
| vulnerability |
VCID-t33g-z4ps-ykcy |
|
| 30 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 31 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 32 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 33 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 34 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 35 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 36 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 37 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 38 |
| vulnerability |
VCID-zt27-b3qc-fbac |
|
| 39 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 40 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5 |
|
|
| aliases |
CVE-2017-6929, GHSA-5vpr-v24w-mmjj
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-agxw-t98a-j3bm |
|
| 12 |
| url |
VCID-bha5-1s4u-3bg6 |
| vulnerability_id |
VCID-bha5-1s4u-3bg6 |
| summary |
security update |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.6.16 |
| purl |
pkg:composer/drupal/drupal@8.6.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 8 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 9 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 10 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 11 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 12 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 13 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 14 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 15 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 16 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 17 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 18 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 19 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.16 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.7.1 |
| purl |
pkg:composer/drupal/drupal@8.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 8 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 9 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 10 |
| vulnerability |
VCID-hfsr-jhw7-b3ap |
|
| 11 |
| vulnerability |
VCID-jp51-ftxv-4ud9 |
|
| 12 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 13 |
| vulnerability |
VCID-kufg-z717-b7hm |
|
| 14 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 15 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 16 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 17 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 18 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 19 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 20 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 21 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 22 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.1 |
|
|
| aliases |
CVE-2019-11831, GHSA-xv7v-rf6g-xwrc
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bha5-1s4u-3bg6 |
|
| 13 |
| url |
VCID-bxdv-fxzq-sbdz |
| vulnerability_id |
VCID-bxdv-fxzq-sbdz |
| summary |
Code Injection
Injection in `DefaultMailSystem::mail()`. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.6.2 |
| purl |
pkg:composer/drupal/drupal@8.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 9 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 10 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 11 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 12 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 13 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 14 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 15 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 16 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 17 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 18 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 19 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 20 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 21 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 22 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 23 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 24 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 25 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 26 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2 |
|
|
| aliases |
GMS-2018-61
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bxdv-fxzq-sbdz |
|
| 14 |
| url |
VCID-cs4j-rhc4-xbhd |
| vulnerability_id |
VCID-cs4j-rhc4-xbhd |
| summary |
Drupal core Denial of Service |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.7.11 |
| purl |
pkg:composer/drupal/drupal@8.7.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 2 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 3 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 4 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 5 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 6 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 7 |
| vulnerability |
VCID-hfsr-jhw7-b3ap |
|
| 8 |
| vulnerability |
VCID-jp51-ftxv-4ud9 |
|
| 9 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 10 |
| vulnerability |
VCID-kufg-z717-b7hm |
|
| 11 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 12 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 13 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 14 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 15 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 16 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 17 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 18 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.8.1 |
| purl |
pkg:composer/drupal/drupal@8.8.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1w42-v1sq-fkac |
|
| 2 |
| vulnerability |
VCID-227y-mp79-jydd |
|
| 3 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 4 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-6j4t-zjnf-fbd3 |
|
| 7 |
| vulnerability |
VCID-7r9b-pzqb-cqea |
|
| 8 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 9 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 10 |
| vulnerability |
VCID-ggb3-jgrj-hken |
|
| 11 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 12 |
| vulnerability |
VCID-hfsr-jhw7-b3ap |
|
| 13 |
| vulnerability |
VCID-jp51-ftxv-4ud9 |
|
| 14 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 15 |
| vulnerability |
VCID-kufg-z717-b7hm |
|
| 16 |
| vulnerability |
VCID-muhk-wbuy-97bu |
|
| 17 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 18 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 19 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 20 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 21 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 22 |
| vulnerability |
VCID-xrzg-mcnq-vqdb |
|
| 23 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 24 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 25 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1 |
|
|
| aliases |
GHSA-w333-5f96-mjrr
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cs4j-rhc4-xbhd |
|
| 15 |
| url |
VCID-ed3c-h2ww-j3gm |
| vulnerability_id |
VCID-ed3c-h2ww-j3gm |
| summary |
guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://www.drupal.org/sa-core-2022-006 |
| reference_id |
sa-core-2022-006 |
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2022-006 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-24775, GHSA-q7rv-6hp3-vh96
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ed3c-h2ww-j3gm |
|
| 16 |
| url |
VCID-ejwp-ehyk-r3cf |
| vulnerability_id |
VCID-ejwp-ehyk-r3cf |
| summary |
URL Redirection to Untrusted Site ('Open Redirect')
External URL injection through URL aliases in drupal. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.6.2 |
| purl |
pkg:composer/drupal/drupal@8.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 9 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 10 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 11 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 12 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 13 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 14 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 15 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 16 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 17 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 18 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 19 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 20 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 21 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 22 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 23 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 24 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 25 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 26 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2 |
|
|
| aliases |
GMS-2018-59
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ejwp-ehyk-r3cf |
|
| 17 |
| url |
VCID-ftd8-be73-5bc3 |
| vulnerability_id |
VCID-ftd8-be73-5bc3 |
| summary |
security update |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.5.9 |
| purl |
pkg:composer/drupal/drupal@8.5.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 9 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 10 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 11 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 12 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 13 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 14 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 15 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 16 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 17 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 18 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 19 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 20 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 21 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 22 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 23 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 24 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 25 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 26 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.9 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.6.6 |
| purl |
pkg:composer/drupal/drupal@8.6.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 9 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 10 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 11 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 12 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 13 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 14 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 15 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 16 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 17 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 18 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 19 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 20 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 21 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 22 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 23 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 24 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.6 |
|
|
| aliases |
CVE-2019-6339, GHSA-8cw5-rv98-5c46
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ftd8-be73-5bc3 |
|
| 18 |
| url |
VCID-hdq9-fe9e-93hb |
| vulnerability_id |
VCID-hdq9-fe9e-93hb |
| summary |
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://www.drupal.org/sa-core-2022-012 |
| reference_id |
sa-core-2022-012 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:45:46Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2022-012 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-25275, GHSA-xh3v-6f9j-wxw3, GMS-2022-3362
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hdq9-fe9e-93hb |
|
| 19 |
| url |
VCID-hyd9-kcsg-5kgb |
| vulnerability_id |
VCID-hyd9-kcsg-5kgb |
| summary |
Improper Access Control in drupal. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.6.2 |
| purl |
pkg:composer/drupal/drupal@8.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 9 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 10 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 11 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 12 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 13 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 14 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 15 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 16 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 17 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 18 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 19 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 20 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 21 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 22 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 23 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 24 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 25 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 26 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2 |
|
|
| aliases |
GMS-2018-58
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hyd9-kcsg-5kgb |
|
| 20 |
| url |
VCID-kepa-chya-sfdb |
| vulnerability_id |
VCID-kepa-chya-sfdb |
| summary |
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.) |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://www.drupal.org/sa-core-2019-003 |
| reference_id |
sa-core-2019-003 |
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2019-003 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.5.11 |
| purl |
pkg:composer/drupal/drupal@8.5.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 9 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 10 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 11 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 12 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 13 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 14 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 15 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 16 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 17 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 18 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 19 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 20 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 21 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 22 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 23 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.11 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.6.10 |
| purl |
pkg:composer/drupal/drupal@8.6.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 9 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 10 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 11 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 12 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 13 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 14 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 15 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 16 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 17 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 18 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 19 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 20 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 21 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 22 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 23 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.10 |
|
|
| aliases |
CVE-2019-6340, GHSA-3gx6-h57h-rm27
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kepa-chya-sfdb |
|
| 21 |
| url |
VCID-krjp-u36k-17fs |
| vulnerability_id |
VCID-krjp-u36k-17fs |
| summary |
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://www.debian.org/security/2018/dsa-4180 |
| reference_id |
dsa-4180 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/ |
|
|
| url |
https://www.debian.org/security/2018/dsa-4180 |
|
| 19 |
|
| 20 |
|
| 21 |
| reference_url |
https://www.drupal.org/sa-core-2018-004 |
| reference_id |
sa-core-2018-004 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2018-004 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.4.8 |
| purl |
pkg:composer/drupal/drupal@8.4.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1up8-x9s6-vbd5 |
|
| 2 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 3 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 4 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 5 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 6 |
| vulnerability |
VCID-4z8y-2e7d-7qhb |
|
| 7 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 8 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 9 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 10 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 11 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 12 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 13 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 14 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 15 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 16 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 17 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 18 |
| vulnerability |
VCID-krqe-tg7a-yuex |
|
| 19 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 20 |
| vulnerability |
VCID-nbzz-f1n8-mbdw |
|
| 21 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 22 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 23 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 24 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 25 |
| vulnerability |
VCID-t33g-z4ps-ykcy |
|
| 26 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 27 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 28 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 29 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 30 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 31 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 32 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 33 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 34 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 35 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.8 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.5.3 |
| purl |
pkg:composer/drupal/drupal@8.5.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1up8-x9s6-vbd5 |
|
| 2 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 3 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 4 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 5 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 6 |
| vulnerability |
VCID-4z8y-2e7d-7qhb |
|
| 7 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 8 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 9 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 10 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 11 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 12 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 13 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 14 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 15 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 16 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 17 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 18 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 19 |
| vulnerability |
VCID-krqe-tg7a-yuex |
|
| 20 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 21 |
| vulnerability |
VCID-nbzz-f1n8-mbdw |
|
| 22 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 23 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 24 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 25 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 26 |
| vulnerability |
VCID-t33g-z4ps-ykcy |
|
| 27 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 28 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 29 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 30 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 31 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 32 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 33 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 34 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 35 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 36 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.3 |
|
|
| aliases |
CVE-2018-7602, GHSA-297x-j9pm-xjgg
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-krjp-u36k-17fs |
|
| 22 |
| url |
VCID-krqe-tg7a-yuex |
| vulnerability_id |
VCID-krqe-tg7a-yuex |
| summary |
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.5.8 |
| purl |
pkg:composer/drupal/drupal@8.5.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 9 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 10 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 11 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 12 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 13 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 14 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 15 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 16 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 17 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 18 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 19 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 20 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 21 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 22 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 23 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 24 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 25 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 26 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 27 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 28 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 29 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 30 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 31 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.6.2 |
| purl |
pkg:composer/drupal/drupal@8.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 9 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 10 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 11 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 12 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 13 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 14 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 15 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 16 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 17 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 18 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 19 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 20 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 21 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 22 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 23 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 24 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 25 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 26 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2 |
|
|
| aliases |
GHSA-jjx7-8462-w4m4
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-krqe-tg7a-yuex |
|
| 23 |
| url |
VCID-kryq-8j5g-d7a6 |
| vulnerability_id |
VCID-kryq-8j5g-d7a6 |
| summary |
Cross-site Scripting in Drupal Core |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.8.10 |
| purl |
pkg:composer/drupal/drupal@8.8.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w42-v1sq-fkac |
|
| 1 |
| vulnerability |
VCID-227y-mp79-jydd |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 4 |
| vulnerability |
VCID-7r9b-pzqb-cqea |
|
| 5 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 6 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 7 |
| vulnerability |
VCID-ggb3-jgrj-hken |
|
| 8 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 9 |
| vulnerability |
VCID-muhk-wbuy-97bu |
|
| 10 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 11 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 12 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 13 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 14 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 15 |
| vulnerability |
VCID-xrzg-mcnq-vqdb |
|
| 16 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 17 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.10 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.9.6 |
| purl |
pkg:composer/drupal/drupal@8.9.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w42-v1sq-fkac |
|
| 1 |
| vulnerability |
VCID-227y-mp79-jydd |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 4 |
| vulnerability |
VCID-7r9b-pzqb-cqea |
|
| 5 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 6 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 7 |
| vulnerability |
VCID-ggb3-jgrj-hken |
|
| 8 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 9 |
| vulnerability |
VCID-muhk-wbuy-97bu |
|
| 10 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 11 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 12 |
| vulnerability |
VCID-sqp3-huku-rqcc |
|
| 13 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 14 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 15 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 16 |
| vulnerability |
VCID-xrzg-mcnq-vqdb |
|
| 17 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 18 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.6 |
|
| 2 |
| url |
pkg:composer/drupal/drupal@9.0.6 |
| purl |
pkg:composer/drupal/drupal@9.0.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w42-v1sq-fkac |
|
| 1 |
| vulnerability |
VCID-227y-mp79-jydd |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 4 |
| vulnerability |
VCID-7r9b-pzqb-cqea |
|
| 5 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 6 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 7 |
| vulnerability |
VCID-ggb3-jgrj-hken |
|
| 8 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 9 |
| vulnerability |
VCID-muhk-wbuy-97bu |
|
| 10 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 11 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 12 |
| vulnerability |
VCID-sqp3-huku-rqcc |
|
| 13 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 14 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 15 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 16 |
| vulnerability |
VCID-xrzg-mcnq-vqdb |
|
| 17 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 18 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.6 |
|
|
| aliases |
CVE-2020-13668, GHSA-m6q5-wv4x-fv6h
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kryq-8j5g-d7a6 |
|
| 24 |
| url |
VCID-ku79-by46-s3h9 |
| vulnerability_id |
VCID-ku79-by46-s3h9 |
| summary |
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
http://www.securityfocus.com/bid/103534 |
| reference_id |
103534 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/ |
|
|
| url |
http://www.securityfocus.com/bid/103534 |
|
| 13 |
| reference_url |
http://www.securitytracker.com/id/1040598 |
| reference_id |
1040598 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/ |
|
|
| url |
http://www.securitytracker.com/id/1040598 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://twitter.com/RicterZ/status/979567469726613504 |
| reference_id |
979567469726613504 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/ |
|
|
| url |
https://twitter.com/RicterZ/status/979567469726613504 |
|
| 19 |
| reference_url |
https://twitter.com/RicterZ/status/984495201354854401 |
| reference_id |
984495201354854401 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/ |
|
|
| url |
https://twitter.com/RicterZ/status/984495201354854401 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
| reference_url |
https://github.com/a2u/CVE-2018-7600 |
| reference_id |
CVE-2018-7600 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/ |
|
|
| url |
https://github.com/a2u/CVE-2018-7600 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
| reference_url |
https://github.com/g0rx/CVE-2018-7600-Drupal-RCE |
| reference_id |
CVE-2018-7600-Drupal-RCE |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/ |
|
|
| url |
https://github.com/g0rx/CVE-2018-7600-Drupal-RCE |
|
| 30 |
| reference_url |
https://www.debian.org/security/2018/dsa-4156 |
| reference_id |
dsa-4156 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/ |
|
|
| url |
https://www.debian.org/security/2018/dsa-4156 |
|
| 31 |
| reference_url |
https://groups.drupal.org/security/faq-2018-002 |
| reference_id |
faq-2018-002 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/ |
|
|
| url |
https://groups.drupal.org/security/faq-2018-002 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
| reference_url |
https://www.drupal.org/sa-core-2018-002 |
| reference_id |
sa-core-2018-002 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2018-002 |
|
| 37 |
| reference_url |
https://greysec.net/showthread.php?tid=2912&pid=10561 |
| reference_id |
showthread.php?tid=2912&pid=10561 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/ |
|
|
| url |
https://greysec.net/showthread.php?tid=2912&pid=10561 |
|
| 38 |
|
| 39 |
|
| 40 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.3.9 |
| purl |
pkg:composer/drupal/drupal@8.3.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1njn-2hyh-hyhn |
|
| 2 |
| vulnerability |
VCID-1up8-x9s6-vbd5 |
|
| 3 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 4 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 5 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 6 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 7 |
| vulnerability |
VCID-4z8y-2e7d-7qhb |
|
| 8 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 9 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 10 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 11 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 12 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 13 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 14 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 15 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 16 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 17 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 18 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 19 |
| vulnerability |
VCID-krjp-u36k-17fs |
|
| 20 |
| vulnerability |
VCID-krqe-tg7a-yuex |
|
| 21 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 22 |
| vulnerability |
VCID-nbzz-f1n8-mbdw |
|
| 23 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 24 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 25 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 26 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 27 |
| vulnerability |
VCID-t33g-z4ps-ykcy |
|
| 28 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 29 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 30 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 31 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 32 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 33 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 34 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 35 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 36 |
| vulnerability |
VCID-zt27-b3qc-fbac |
|
| 37 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 38 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.9 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.4.6 |
| purl |
pkg:composer/drupal/drupal@8.4.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1njn-2hyh-hyhn |
|
| 2 |
| vulnerability |
VCID-1up8-x9s6-vbd5 |
|
| 3 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 4 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 5 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 6 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 7 |
| vulnerability |
VCID-4z8y-2e7d-7qhb |
|
| 8 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 9 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 10 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 11 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 12 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 13 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 14 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 15 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 16 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 17 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 18 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 19 |
| vulnerability |
VCID-krjp-u36k-17fs |
|
| 20 |
| vulnerability |
VCID-krqe-tg7a-yuex |
|
| 21 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 22 |
| vulnerability |
VCID-nbzz-f1n8-mbdw |
|
| 23 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 24 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 25 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 26 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 27 |
| vulnerability |
VCID-t33g-z4ps-ykcy |
|
| 28 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 29 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 30 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 31 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 32 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 33 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 34 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 35 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 36 |
| vulnerability |
VCID-zt27-b3qc-fbac |
|
| 37 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 38 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.6 |
|
| 2 |
| url |
pkg:composer/drupal/drupal@8.5.1 |
| purl |
pkg:composer/drupal/drupal@8.5.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1njn-2hyh-hyhn |
|
| 2 |
| vulnerability |
VCID-1up8-x9s6-vbd5 |
|
| 3 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 4 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 5 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 6 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 7 |
| vulnerability |
VCID-4z8y-2e7d-7qhb |
|
| 8 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 9 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 10 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 11 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 12 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 13 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 14 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 15 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 16 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 17 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 18 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 19 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 20 |
| vulnerability |
VCID-krjp-u36k-17fs |
|
| 21 |
| vulnerability |
VCID-krqe-tg7a-yuex |
|
| 22 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 23 |
| vulnerability |
VCID-nbzz-f1n8-mbdw |
|
| 24 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 25 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 26 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 27 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 28 |
| vulnerability |
VCID-t33g-z4ps-ykcy |
|
| 29 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 30 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 31 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 32 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 33 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 34 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 35 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 36 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 37 |
| vulnerability |
VCID-zt27-b3qc-fbac |
|
| 38 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 39 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.1 |
|
|
| aliases |
CVE-2018-7600, GHSA-7fh9-933g-885p
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ku79-by46-s3h9 |
|
| 25 |
| url |
VCID-nbzz-f1n8-mbdw |
| vulnerability_id |
VCID-nbzz-f1n8-mbdw |
| summary |
Drupal External URL injection through URL aliases leading to Open Redirect |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.5.8 |
| purl |
pkg:composer/drupal/drupal@8.5.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 9 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 10 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 11 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 12 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 13 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 14 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 15 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 16 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 17 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 18 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 19 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 20 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 21 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 22 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 23 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 24 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 25 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 26 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 27 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 28 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 29 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 30 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 31 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.6.2 |
| purl |
pkg:composer/drupal/drupal@8.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 9 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 10 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 11 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 12 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 13 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 14 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 15 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 16 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 17 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 18 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 19 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 20 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 21 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 22 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 23 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 24 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 25 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 26 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2 |
|
|
| aliases |
GHSA-r67r-42wx-c8r7
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nbzz-f1n8-mbdw |
|
| 26 |
| url |
VCID-nhub-1map-n3by |
| vulnerability_id |
VCID-nhub-1map-n3by |
| summary |
Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://www.drupal.org/sa-core-2022-014 |
| reference_id |
sa-core-2022-014 |
| reference_type |
|
| scores |
| 0 |
| value |
7.2 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:41:13Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2022-014 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-25277, GHSA-6955-67hm-vjjq, GMS-2022-3361
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nhub-1map-n3by |
|
| 27 |
| url |
VCID-qec2-bj92-pue9 |
| vulnerability_id |
VCID-qec2-bj92-pue9 |
| summary |
XSS Vulnerability
CKEditor, a third-party JavaScript library included in Drupal core, is affected by a cross-site scripting (XSS) vulnerability. It's possible to execute XSS inside CKEditor when using the `image2` plugin. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.4.7 |
| purl |
pkg:composer/drupal/drupal@8.4.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1up8-x9s6-vbd5 |
|
| 2 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 3 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 4 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 5 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 6 |
| vulnerability |
VCID-4z8y-2e7d-7qhb |
|
| 7 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 8 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 9 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 10 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 11 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 12 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 13 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 14 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 15 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 16 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 17 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 18 |
| vulnerability |
VCID-krjp-u36k-17fs |
|
| 19 |
| vulnerability |
VCID-krqe-tg7a-yuex |
|
| 20 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 21 |
| vulnerability |
VCID-nbzz-f1n8-mbdw |
|
| 22 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 23 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 24 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 25 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 26 |
| vulnerability |
VCID-t33g-z4ps-ykcy |
|
| 27 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 28 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 29 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 30 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 31 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 32 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 33 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 34 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 35 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 36 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.7 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.5.2 |
| purl |
pkg:composer/drupal/drupal@8.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1up8-x9s6-vbd5 |
|
| 2 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 3 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 4 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 5 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 6 |
| vulnerability |
VCID-4z8y-2e7d-7qhb |
|
| 7 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 8 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 9 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 10 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 11 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 12 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 13 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 14 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 15 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 16 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 17 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 18 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 19 |
| vulnerability |
VCID-krjp-u36k-17fs |
|
| 20 |
| vulnerability |
VCID-krqe-tg7a-yuex |
|
| 21 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 22 |
| vulnerability |
VCID-nbzz-f1n8-mbdw |
|
| 23 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 24 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 25 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 26 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 27 |
| vulnerability |
VCID-t33g-z4ps-ykcy |
|
| 28 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 29 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 30 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 31 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 32 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 33 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 34 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 35 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 36 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 37 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.2 |
|
|
| aliases |
SA-CORE-2018-003
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qec2-bj92-pue9 |
|
| 28 |
| url |
VCID-qtax-krps-1udn |
| vulnerability_id |
VCID-qtax-krps-1udn |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.4.5 |
| purl |
pkg:composer/drupal/drupal@8.4.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1njn-2hyh-hyhn |
|
| 2 |
| vulnerability |
VCID-1up8-x9s6-vbd5 |
|
| 3 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 4 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 5 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 6 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 7 |
| vulnerability |
VCID-4z8y-2e7d-7qhb |
|
| 8 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 9 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 10 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 11 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 12 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 13 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 14 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 15 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 16 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 17 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 18 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 19 |
| vulnerability |
VCID-krjp-u36k-17fs |
|
| 20 |
| vulnerability |
VCID-krqe-tg7a-yuex |
|
| 21 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 22 |
| vulnerability |
VCID-ku79-by46-s3h9 |
|
| 23 |
| vulnerability |
VCID-nbzz-f1n8-mbdw |
|
| 24 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 25 |
| vulnerability |
VCID-qec2-bj92-pue9 |
|
| 26 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 27 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 28 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 29 |
| vulnerability |
VCID-t33g-z4ps-ykcy |
|
| 30 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 31 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 32 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 33 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 34 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 35 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 36 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 37 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 38 |
| vulnerability |
VCID-zt27-b3qc-fbac |
|
| 39 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 40 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5 |
|
|
| aliases |
CVE-2017-6926, GHSA-2p28-5mvp-2j2r
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qtax-krps-1udn |
|
| 29 |
|
| 30 |
| url |
VCID-r7kh-gpy6-juht |
| vulnerability_id |
VCID-r7kh-gpy6-juht |
| summary |
security update |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.4.5 |
| purl |
pkg:composer/drupal/drupal@8.4.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1njn-2hyh-hyhn |
|
| 2 |
| vulnerability |
VCID-1up8-x9s6-vbd5 |
|
| 3 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 4 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 5 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 6 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 7 |
| vulnerability |
VCID-4z8y-2e7d-7qhb |
|
| 8 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 9 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 10 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 11 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 12 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 13 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 14 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 15 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 16 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 17 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 18 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 19 |
| vulnerability |
VCID-krjp-u36k-17fs |
|
| 20 |
| vulnerability |
VCID-krqe-tg7a-yuex |
|
| 21 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 22 |
| vulnerability |
VCID-ku79-by46-s3h9 |
|
| 23 |
| vulnerability |
VCID-nbzz-f1n8-mbdw |
|
| 24 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 25 |
| vulnerability |
VCID-qec2-bj92-pue9 |
|
| 26 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 27 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 28 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 29 |
| vulnerability |
VCID-t33g-z4ps-ykcy |
|
| 30 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 31 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 32 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 33 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 34 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 35 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 36 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 37 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 38 |
| vulnerability |
VCID-zt27-b3qc-fbac |
|
| 39 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 40 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5 |
|
|
| aliases |
CVE-2017-6928, GHSA-66mv-q8r2-hj8w
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r7kh-gpy6-juht |
|
| 31 |
| url |
VCID-s5ak-abr9-vbe6 |
| vulnerability_id |
VCID-s5ak-abr9-vbe6 |
| summary |
security update |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.5.9 |
| purl |
pkg:composer/drupal/drupal@8.5.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 9 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 10 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 11 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 12 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 13 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 14 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 15 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 16 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 17 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 18 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 19 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 20 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 21 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 22 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 23 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 24 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 25 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 26 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.9 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.6.6 |
| purl |
pkg:composer/drupal/drupal@8.6.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 9 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 10 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 11 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 12 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 13 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 14 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 15 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 16 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 17 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 18 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 19 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 20 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 21 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 22 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 23 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 24 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.6 |
|
|
| aliases |
CVE-2019-6338, GHSA-6rmq-x2hv-vxpp
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s5ak-abr9-vbe6 |
|
| 32 |
| url |
VCID-s93m-ue36-vyg1 |
| vulnerability_id |
VCID-s93m-ue36-vyg1 |
| summary |
Drupal Malicious file upload with filenames stating with dot |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.7.11 |
| purl |
pkg:composer/drupal/drupal@8.7.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 2 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 3 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 4 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 5 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 6 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 7 |
| vulnerability |
VCID-hfsr-jhw7-b3ap |
|
| 8 |
| vulnerability |
VCID-jp51-ftxv-4ud9 |
|
| 9 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 10 |
| vulnerability |
VCID-kufg-z717-b7hm |
|
| 11 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 12 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 13 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 14 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 15 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 16 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 17 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 18 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.8.1 |
| purl |
pkg:composer/drupal/drupal@8.8.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1w42-v1sq-fkac |
|
| 2 |
| vulnerability |
VCID-227y-mp79-jydd |
|
| 3 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 4 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-6j4t-zjnf-fbd3 |
|
| 7 |
| vulnerability |
VCID-7r9b-pzqb-cqea |
|
| 8 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 9 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 10 |
| vulnerability |
VCID-ggb3-jgrj-hken |
|
| 11 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 12 |
| vulnerability |
VCID-hfsr-jhw7-b3ap |
|
| 13 |
| vulnerability |
VCID-jp51-ftxv-4ud9 |
|
| 14 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 15 |
| vulnerability |
VCID-kufg-z717-b7hm |
|
| 16 |
| vulnerability |
VCID-muhk-wbuy-97bu |
|
| 17 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 18 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 19 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 20 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 21 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 22 |
| vulnerability |
VCID-xrzg-mcnq-vqdb |
|
| 23 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 24 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 25 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1 |
|
|
| aliases |
GHSA-58xv-7h9r-mx3c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s93m-ue36-vyg1 |
|
| 33 |
| url |
VCID-sgub-4xen-bbcy |
| vulnerability_id |
VCID-sgub-4xen-bbcy |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.4.5 |
| purl |
pkg:composer/drupal/drupal@8.4.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1njn-2hyh-hyhn |
|
| 2 |
| vulnerability |
VCID-1up8-x9s6-vbd5 |
|
| 3 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 4 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 5 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 6 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 7 |
| vulnerability |
VCID-4z8y-2e7d-7qhb |
|
| 8 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 9 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 10 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 11 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 12 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 13 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 14 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 15 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 16 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 17 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 18 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 19 |
| vulnerability |
VCID-krjp-u36k-17fs |
|
| 20 |
| vulnerability |
VCID-krqe-tg7a-yuex |
|
| 21 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 22 |
| vulnerability |
VCID-ku79-by46-s3h9 |
|
| 23 |
| vulnerability |
VCID-nbzz-f1n8-mbdw |
|
| 24 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 25 |
| vulnerability |
VCID-qec2-bj92-pue9 |
|
| 26 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 27 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 28 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 29 |
| vulnerability |
VCID-t33g-z4ps-ykcy |
|
| 30 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 31 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 32 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 33 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 34 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 35 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 36 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 37 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 38 |
| vulnerability |
VCID-zt27-b3qc-fbac |
|
| 39 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 40 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5 |
|
|
| aliases |
CVE-2017-6930, GHSA-3327-jr93-7hq3
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sgub-4xen-bbcy |
|
| 34 |
| url |
VCID-t33g-z4ps-ykcy |
| vulnerability_id |
VCID-t33g-z4ps-ykcy |
| summary |
Drupal Content moderation Access bypass |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.5.8 |
| purl |
pkg:composer/drupal/drupal@8.5.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 9 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 10 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 11 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 12 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 13 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 14 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 15 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 16 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 17 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 18 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 19 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 20 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 21 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 22 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 23 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 24 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 25 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 26 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 27 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 28 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 29 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 30 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 31 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.6.2 |
| purl |
pkg:composer/drupal/drupal@8.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 9 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 10 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 11 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 12 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 13 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 14 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 15 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 16 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 17 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 18 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 19 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 20 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 21 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 22 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 23 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 24 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 25 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 26 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2 |
|
|
| aliases |
GHSA-86xw-vmcx-9mj4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t33g-z4ps-ykcy |
|
| 35 |
| url |
VCID-txdd-bamb-ckcy |
| vulnerability_id |
VCID-txdd-bamb-ckcy |
| summary |
Improper Access Control
In some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.6.2 |
| purl |
pkg:composer/drupal/drupal@8.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 9 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 10 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 11 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 12 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 13 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 14 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 15 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 16 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 17 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 18 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 19 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 20 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 21 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 22 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 23 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 24 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 25 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 26 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2 |
|
|
| aliases |
GMS-2018-62
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-txdd-bamb-ckcy |
|
| 36 |
| url |
VCID-u8xe-6xh5-6ygb |
| vulnerability_id |
VCID-u8xe-6xh5-6ygb |
| summary |
Drupal Cross-Site Scripting (XSS) affecting CKEditor Third-party library |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/drupal/drupal@9.2.4 |
| purl |
pkg:composer/drupal/drupal@9.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w42-v1sq-fkac |
|
| 1 |
| vulnerability |
VCID-227y-mp79-jydd |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-6se4-tmwu-47b2 |
|
| 4 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 5 |
| vulnerability |
VCID-91kw-xn5d-pbbe |
|
| 6 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 7 |
| vulnerability |
VCID-gffn-t1yz-5fgj |
|
| 8 |
| vulnerability |
VCID-ggb3-jgrj-hken |
|
| 9 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 10 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 11 |
| vulnerability |
VCID-sdue-15dg-4ugt |
|
| 12 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 13 |
| vulnerability |
VCID-xrzg-mcnq-vqdb |
|
| 14 |
| vulnerability |
VCID-yjm8-gadp-jkhr |
|
| 15 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 16 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.2.4 |
|
|
| aliases |
GHSA-qf65-hph9-453r
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u8xe-6xh5-6ygb |
|
| 37 |
| url |
VCID-uj1s-21kp-pbhy |
| vulnerability_id |
VCID-uj1s-21kp-pbhy |
| summary |
Drupal core Arbitrary PHP code execution |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.8.12 |
| purl |
pkg:composer/drupal/drupal@8.8.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w42-v1sq-fkac |
|
| 1 |
| vulnerability |
VCID-227y-mp79-jydd |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 4 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 5 |
| vulnerability |
VCID-ggb3-jgrj-hken |
|
| 6 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 7 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 8 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 9 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 10 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 11 |
| vulnerability |
VCID-xrzg-mcnq-vqdb |
|
| 12 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 13 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.12 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.9.10 |
| purl |
pkg:composer/drupal/drupal@8.9.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w42-v1sq-fkac |
|
| 1 |
| vulnerability |
VCID-227y-mp79-jydd |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 4 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 5 |
| vulnerability |
VCID-ggb3-jgrj-hken |
|
| 6 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 7 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 8 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 9 |
| vulnerability |
VCID-sqp3-huku-rqcc |
|
| 10 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 11 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 12 |
| vulnerability |
VCID-xrzg-mcnq-vqdb |
|
| 13 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 14 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.10 |
|
| 2 |
| url |
pkg:composer/drupal/drupal@9.0.9 |
| purl |
pkg:composer/drupal/drupal@9.0.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w42-v1sq-fkac |
|
| 1 |
| vulnerability |
VCID-227y-mp79-jydd |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 4 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 5 |
| vulnerability |
VCID-ggb3-jgrj-hken |
|
| 6 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 7 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 8 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 9 |
| vulnerability |
VCID-sqp3-huku-rqcc |
|
| 10 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 11 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 12 |
| vulnerability |
VCID-xrzg-mcnq-vqdb |
|
| 13 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 14 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.9 |
|
|
| aliases |
GHSA-j66p-fvp2-fxhj
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uj1s-21kp-pbhy |
|
| 38 |
| url |
VCID-vc7s-6p62-bfaw |
| vulnerability_id |
VCID-vc7s-6p62-bfaw |
| summary |
security update |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.5.15 |
| purl |
pkg:composer/drupal/drupal@8.5.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 9 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 10 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 11 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 12 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 13 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 14 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 15 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 16 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 17 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 18 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 19 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 20 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.15 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.6.15 |
| purl |
pkg:composer/drupal/drupal@8.6.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 9 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 10 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 11 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 12 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 13 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 14 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 15 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 16 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 17 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 18 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 19 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 20 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.15 |
|
|
| aliases |
CVE-2019-10909, GHSA-g996-q5r8-w7g2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vc7s-6p62-bfaw |
|
| 39 |
| url |
VCID-wn4r-rc6m-xbhy |
| vulnerability_id |
VCID-wn4r-rc6m-xbhy |
| summary |
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://www.drupal.org/sa-core-2022-013 |
| reference_id |
sa-core-2022-013 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:39:47Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2022-013 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-25278, GHSA-cfh2-7f6h-3m85
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wn4r-rc6m-xbhy |
|
| 40 |
| url |
VCID-x78g-nsnv-ebhc |
| vulnerability_id |
VCID-x78g-nsnv-ebhc |
| summary |
Cross-site Scripting vulnerability in drupal. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.6.12 |
| purl |
pkg:composer/drupal/drupal@8.6.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 9 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 10 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 11 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 12 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 13 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 14 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 15 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 16 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 17 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 18 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 19 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 20 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 21 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 22 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.12 |
|
|
| aliases |
GMS-2019-148
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x78g-nsnv-ebhc |
|
| 41 |
| url |
VCID-xcck-137u-wyam |
| vulnerability_id |
VCID-xcck-137u-wyam |
| summary |
security update |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.4.5 |
| purl |
pkg:composer/drupal/drupal@8.4.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1njn-2hyh-hyhn |
|
| 2 |
| vulnerability |
VCID-1up8-x9s6-vbd5 |
|
| 3 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 4 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 5 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 6 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 7 |
| vulnerability |
VCID-4z8y-2e7d-7qhb |
|
| 8 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 9 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 10 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 11 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 12 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 13 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 14 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 15 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 16 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 17 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 18 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 19 |
| vulnerability |
VCID-krjp-u36k-17fs |
|
| 20 |
| vulnerability |
VCID-krqe-tg7a-yuex |
|
| 21 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 22 |
| vulnerability |
VCID-ku79-by46-s3h9 |
|
| 23 |
| vulnerability |
VCID-nbzz-f1n8-mbdw |
|
| 24 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 25 |
| vulnerability |
VCID-qec2-bj92-pue9 |
|
| 26 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 27 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 28 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 29 |
| vulnerability |
VCID-t33g-z4ps-ykcy |
|
| 30 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 31 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 32 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 33 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 34 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 35 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 36 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 37 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 38 |
| vulnerability |
VCID-zt27-b3qc-fbac |
|
| 39 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 40 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5 |
|
|
| aliases |
CVE-2017-6927, GHSA-585j-5449-mf5m
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xcck-137u-wyam |
|
| 42 |
| url |
VCID-yku8-k9fs-d7c8 |
| vulnerability_id |
VCID-yku8-k9fs-d7c8 |
| summary |
Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.8.10 |
| purl |
pkg:composer/drupal/drupal@8.8.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w42-v1sq-fkac |
|
| 1 |
| vulnerability |
VCID-227y-mp79-jydd |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 4 |
| vulnerability |
VCID-7r9b-pzqb-cqea |
|
| 5 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 6 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 7 |
| vulnerability |
VCID-ggb3-jgrj-hken |
|
| 8 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 9 |
| vulnerability |
VCID-muhk-wbuy-97bu |
|
| 10 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 11 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 12 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 13 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 14 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 15 |
| vulnerability |
VCID-xrzg-mcnq-vqdb |
|
| 16 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 17 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.10 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.9.6 |
| purl |
pkg:composer/drupal/drupal@8.9.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w42-v1sq-fkac |
|
| 1 |
| vulnerability |
VCID-227y-mp79-jydd |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 4 |
| vulnerability |
VCID-7r9b-pzqb-cqea |
|
| 5 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 6 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 7 |
| vulnerability |
VCID-ggb3-jgrj-hken |
|
| 8 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 9 |
| vulnerability |
VCID-muhk-wbuy-97bu |
|
| 10 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 11 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 12 |
| vulnerability |
VCID-sqp3-huku-rqcc |
|
| 13 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 14 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 15 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 16 |
| vulnerability |
VCID-xrzg-mcnq-vqdb |
|
| 17 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 18 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.6 |
|
| 2 |
| url |
pkg:composer/drupal/drupal@9.0.6 |
| purl |
pkg:composer/drupal/drupal@9.0.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w42-v1sq-fkac |
|
| 1 |
| vulnerability |
VCID-227y-mp79-jydd |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 4 |
| vulnerability |
VCID-7r9b-pzqb-cqea |
|
| 5 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 6 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 7 |
| vulnerability |
VCID-ggb3-jgrj-hken |
|
| 8 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 9 |
| vulnerability |
VCID-muhk-wbuy-97bu |
|
| 10 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 11 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 12 |
| vulnerability |
VCID-sqp3-huku-rqcc |
|
| 13 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 14 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 15 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 16 |
| vulnerability |
VCID-xrzg-mcnq-vqdb |
|
| 17 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 18 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.6 |
|
|
| aliases |
CVE-2020-13669, GHSA-c533-c843-67h8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yku8-k9fs-d7c8 |
|
| 43 |
| url |
VCID-ytts-zj5y-2kdc |
| vulnerability_id |
VCID-ytts-zj5y-2kdc |
| summary |
URL Redirection to Untrusted Site ('Open Redirect')
Anonymous Open Redirect in drupal. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.6.2 |
| purl |
pkg:composer/drupal/drupal@8.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 2 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 3 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 4 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 5 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 6 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 7 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 8 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 9 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 10 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 11 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 12 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 13 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 14 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 15 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 16 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 17 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 18 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 19 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 20 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 21 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 22 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 23 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 24 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 25 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 26 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2 |
|
|
| aliases |
GMS-2018-60
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ytts-zj5y-2kdc |
|
| 44 |
| url |
VCID-zt27-b3qc-fbac |
| vulnerability_id |
VCID-zt27-b3qc-fbac |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.4.7 |
| purl |
pkg:composer/drupal/drupal@8.4.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1up8-x9s6-vbd5 |
|
| 2 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 3 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 4 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 5 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 6 |
| vulnerability |
VCID-4z8y-2e7d-7qhb |
|
| 7 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 8 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 9 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 10 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 11 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 12 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 13 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 14 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 15 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 16 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 17 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 18 |
| vulnerability |
VCID-krjp-u36k-17fs |
|
| 19 |
| vulnerability |
VCID-krqe-tg7a-yuex |
|
| 20 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 21 |
| vulnerability |
VCID-nbzz-f1n8-mbdw |
|
| 22 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 23 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 24 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 25 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 26 |
| vulnerability |
VCID-t33g-z4ps-ykcy |
|
| 27 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 28 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 29 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 30 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 31 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 32 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 33 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 34 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 35 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 36 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.7 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.5.2 |
| purl |
pkg:composer/drupal/drupal@8.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hfc-zbn8-5khn |
|
| 1 |
| vulnerability |
VCID-1up8-x9s6-vbd5 |
|
| 2 |
| vulnerability |
VCID-26az-uqef-w7aq |
|
| 3 |
| vulnerability |
VCID-26ck-rher-hfg4 |
|
| 4 |
| vulnerability |
VCID-2wdn-8583-v3dg |
|
| 5 |
| vulnerability |
VCID-4u3b-stye-77ah |
|
| 6 |
| vulnerability |
VCID-4z8y-2e7d-7qhb |
|
| 7 |
| vulnerability |
VCID-57nk-7ugd-vucf |
|
| 8 |
| vulnerability |
VCID-7sar-42a4-kqdy |
|
| 9 |
| vulnerability |
VCID-bha5-1s4u-3bg6 |
|
| 10 |
| vulnerability |
VCID-bxdv-fxzq-sbdz |
|
| 11 |
| vulnerability |
VCID-cs4j-rhc4-xbhd |
|
| 12 |
| vulnerability |
VCID-d6bg-1u2b-1qdt |
|
| 13 |
| vulnerability |
VCID-ed3c-h2ww-j3gm |
|
| 14 |
| vulnerability |
VCID-ejwp-ehyk-r3cf |
|
| 15 |
| vulnerability |
VCID-ftd8-be73-5bc3 |
|
| 16 |
| vulnerability |
VCID-hdq9-fe9e-93hb |
|
| 17 |
| vulnerability |
VCID-hyd9-kcsg-5kgb |
|
| 18 |
| vulnerability |
VCID-kepa-chya-sfdb |
|
| 19 |
| vulnerability |
VCID-krjp-u36k-17fs |
|
| 20 |
| vulnerability |
VCID-krqe-tg7a-yuex |
|
| 21 |
| vulnerability |
VCID-kryq-8j5g-d7a6 |
|
| 22 |
| vulnerability |
VCID-nbzz-f1n8-mbdw |
|
| 23 |
| vulnerability |
VCID-nhub-1map-n3by |
|
| 24 |
| vulnerability |
VCID-qvsn-ab7h-cqc5 |
|
| 25 |
| vulnerability |
VCID-s5ak-abr9-vbe6 |
|
| 26 |
| vulnerability |
VCID-s93m-ue36-vyg1 |
|
| 27 |
| vulnerability |
VCID-t33g-z4ps-ykcy |
|
| 28 |
| vulnerability |
VCID-txdd-bamb-ckcy |
|
| 29 |
| vulnerability |
VCID-u8xe-6xh5-6ygb |
|
| 30 |
| vulnerability |
VCID-uj1s-21kp-pbhy |
|
| 31 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 32 |
| vulnerability |
VCID-wn4r-rc6m-xbhy |
|
| 33 |
| vulnerability |
VCID-x78g-nsnv-ebhc |
|
| 34 |
| vulnerability |
VCID-yku8-k9fs-d7c8 |
|
| 35 |
| vulnerability |
VCID-ytts-zj5y-2kdc |
|
| 36 |
| vulnerability |
VCID-zxut-nxke-7fce |
|
| 37 |
| vulnerability |
VCID-zymc-a812-1ua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.2 |
|
|
| aliases |
CVE-2018-9861, GHSA-g78h-pf65-46rv
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zt27-b3qc-fbac |
|
| 45 |
| url |
VCID-zxut-nxke-7fce |
| vulnerability_id |
VCID-zxut-nxke-7fce |
| summary |
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://www.drupal.org/sa-core-2022-008 |
| reference_id |
sa-core-2022-008 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:19:11Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2022-008 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-25273, GHSA-g36h-4jr6-qmm9
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zxut-nxke-7fce |
|
| 46 |
|