{"url":"http://public2.vulnerablecode.io/api/packages/22022?format=json","purl":"pkg:composer/drupal/drupal@8.3.4","type":"composer","namespace":"drupal","name":"drupal","version":"8.3.4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"10.2.11","latest_non_vulnerable_version":"11.0.8","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211814?format=json","vulnerability_id":"VCID-1hfc-zbn8-5khn","summary":"Drupal core uses a vulnerable Third-party library CKEditor","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2020-03-18.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2020-03-18.yaml"},{"reference_url":"https://www.drupal.org/sa-core-2020-001","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2020-001"},{"reference_url":"https://github.com/advisories/GHSA-337w-fxpq-5m34","reference_id":"GHSA-337w-fxpq-5m34","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-337w-fxpq-5m34"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31253?format=json","purl":"pkg:composer/drupal/drupal@8.7.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-jp51-ftxv-4ud9"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-kufg-z717-b7hm"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.12"},{"url":"http://public2.vulnerablecode.io/api/packages/31252?format=json","purl":"pkg:composer/drupal/drupal@8.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-6j4t-zjnf-fbd3"},{"vulnerability":"VCID-7r9b-pzqb-cqea"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-jp51-ftxv-4ud9"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-kufg-z717-b7hm"},{"vulnerability":"VCID-muhk-wbuy-97bu"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.4"}],"aliases":["GHSA-337w-fxpq-5m34"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1hfc-zbn8-5khn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/362295?format=json","vulnerability_id":"VCID-1njn-2hyh-hyhn","summary":"Cross-site Scripting\nXSS vulnerabiltiy in drupal.","references":[{"reference_url":"https://www.drupal.org/sa-core-2018-003","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2018-003"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386384?format=json","purl":"pkg:composer/drupal/drupal@8.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.7"},{"url":"http://public2.vulnerablecode.io/api/packages/421909?format=json","purl":"pkg:composer/drupal/drupal@8.5.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.0-alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/386385?format=json","purl":"pkg:composer/drupal/drupal@8.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.2"}],"aliases":["GMS-2018-57"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1njn-2hyh-hyhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211806?format=json","vulnerability_id":"VCID-1up8-x9s6-vbd5","summary":"Drupal Anonymous Open Redirect","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-3.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-3.yaml"},{"reference_url":"https://www.drupal.org/sa-core-2018-006","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2018-006"},{"reference_url":"https://github.com/advisories/GHSA-x6v2-xmrq-574j","reference_id":"GHSA-x6v2-xmrq-574j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x6v2-xmrq-574j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31247?format=json","purl":"pkg:composer/drupal/drupal@8.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/31248?format=json","purl":"pkg:composer/drupal/drupal@8.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2"}],"aliases":["GHSA-x6v2-xmrq-574j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1up8-x9s6-vbd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211812?format=json","vulnerability_id":"VCID-26az-uqef-w7aq","summary":"Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-4.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-4.yaml"},{"reference_url":"https://www.drupal.org/sa-core-2019-012","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2019-012"},{"reference_url":"https://github.com/advisories/GHSA-m9fv-whq2-6wmc","reference_id":"GHSA-m9fv-whq2-6wmc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m9fv-whq2-6wmc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31249?format=json","purl":"pkg:composer/drupal/drupal@8.7.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hfsr-jhw7-b3ap"},{"vulnerability":"VCID-jp51-ftxv-4ud9"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-kufg-z717-b7hm"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11"},{"url":"http://public2.vulnerablecode.io/api/packages/31250?format=json","purl":"pkg:composer/drupal/drupal@8.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-6j4t-zjnf-fbd3"},{"vulnerability":"VCID-7r9b-pzqb-cqea"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hfsr-jhw7-b3ap"},{"vulnerability":"VCID-jp51-ftxv-4ud9"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-kufg-z717-b7hm"},{"vulnerability":"VCID-muhk-wbuy-97bu"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1"}],"aliases":["GHSA-m9fv-whq2-6wmc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-26az-uqef-w7aq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59568?format=json","vulnerability_id":"VCID-26ck-rher-hfg4","summary":"A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-55634","reference_id":"","reference_type":"","scores":[{"value":"0.01148","scoring_system":"epss","scoring_elements":"0.78888","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-55634"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55634","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55634"},{"reference_url":"https://github.com/advisories/GHSA-7cwc-fjqm-8vh8","reference_id":"GHSA-7cwc-fjqm-8vh8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7cwc-fjqm-8vh8"},{"reference_url":"https://www.drupal.org/sa-core-2024-004","reference_id":"sa-core-2024-004","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T16:38:29Z/"}],"url":"https://www.drupal.org/sa-core-2024-004"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372343?format=json","purl":"pkg:composer/drupal/drupal@10.2.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.2.11"},{"url":"http://public2.vulnerablecode.io/api/packages/372344?format=json","purl":"pkg:composer/drupal/drupal@10.3.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.3.9"},{"url":"http://public2.vulnerablecode.io/api/packages/372350?format=json","purl":"pkg:composer/drupal/drupal@11.0.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@11.0.8"}],"aliases":["CVE-2024-55634","GHSA-7cwc-fjqm-8vh8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-26ck-rher-hfg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/172344?format=json","vulnerability_id":"VCID-28cu-un2e-xub7","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6932","reference_id":"","reference_type":"","scores":[{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.60025","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6932.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6932.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6932.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6932.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6932","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6932"},{"reference_url":"https://www.debian.org/security/2018/dsa-4123","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4123"},{"reference_url":"https://www.drupal.org/sa-core-2018-001","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2018-001"},{"reference_url":"https://www.drupal.org/SA-CORE-2018-001","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/SA-CORE-2018-001"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385155?format=json","purl":"pkg:composer/drupal/drupal@8.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5"}],"aliases":["CVE-2017-6932","GHSA-wm86-w3cf-h6vm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-28cu-un2e-xub7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208145?format=json","vulnerability_id":"VCID-2wdn-8583-v3dg","summary":"Exposure of Resource to Wrong Sphere in Drupal Core","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13670","reference_id":"","reference_type":"","scores":[{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62771","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13670"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/drupal/core/commit/f93a37b713b59f8d24e826bc74378099853eef3d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/f93a37b713b59f8d24e826bc74378099853eef3d"},{"reference_url":"https://www.drupal.org/sa-core-2020-011","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2020-011"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13670","reference_id":"CVE-2020-13670","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13670"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13670.yaml","reference_id":"CVE-2020-13670.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13670.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13670.yaml","reference_id":"CVE-2020-13670.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13670.yaml"},{"reference_url":"https://github.com/advisories/GHSA-mmjr-5q74-p3m4","reference_id":"GHSA-mmjr-5q74-p3m4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mmjr-5q74-p3m4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19344?format=json","purl":"pkg:composer/drupal/drupal@8.8.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7r9b-pzqb-cqea"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-muhk-wbuy-97bu"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.10"},{"url":"http://public2.vulnerablecode.io/api/packages/19350?format=json","purl":"pkg:composer/drupal/drupal@8.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7r9b-pzqb-cqea"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-muhk-wbuy-97bu"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-sqp3-huku-rqcc"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/19346?format=json","purl":"pkg:composer/drupal/drupal@9.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7r9b-pzqb-cqea"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-muhk-wbuy-97bu"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-sqp3-huku-rqcc"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.6"}],"aliases":["CVE-2020-13670","GHSA-mmjr-5q74-p3m4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2wdn-8583-v3dg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211811?format=json","vulnerability_id":"VCID-4u3b-stye-77ah","summary":"Drupal core Access control bypass","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-3.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-3.yaml"},{"reference_url":"https://www.drupal.org/sa-core-2019-011","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2019-011"},{"reference_url":"https://github.com/advisories/GHSA-5x28-3f32-x523","reference_id":"GHSA-5x28-3f32-x523","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5x28-3f32-x523"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31249?format=json","purl":"pkg:composer/drupal/drupal@8.7.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hfsr-jhw7-b3ap"},{"vulnerability":"VCID-jp51-ftxv-4ud9"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-kufg-z717-b7hm"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11"},{"url":"http://public2.vulnerablecode.io/api/packages/31250?format=json","purl":"pkg:composer/drupal/drupal@8.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-6j4t-zjnf-fbd3"},{"vulnerability":"VCID-7r9b-pzqb-cqea"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hfsr-jhw7-b3ap"},{"vulnerability":"VCID-jp51-ftxv-4ud9"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-kufg-z717-b7hm"},{"vulnerability":"VCID-muhk-wbuy-97bu"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1"}],"aliases":["GHSA-5x28-3f32-x523"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4u3b-stye-77ah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211809?format=json","vulnerability_id":"VCID-4z8y-2e7d-7qhb","summary":"Drupal core Remote Code Execution","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-4.yaml","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-4.yaml"},{"reference_url":"https://www.drupal.org/sa-core-2018-006","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2018-006"},{"reference_url":"https://github.com/advisories/GHSA-jf8c-36vw-98x4","reference_id":"GHSA-jf8c-36vw-98x4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jf8c-36vw-98x4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31247?format=json","purl":"pkg:composer/drupal/drupal@8.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/31248?format=json","purl":"pkg:composer/drupal/drupal@8.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2"}],"aliases":["GHSA-jf8c-36vw-98x4"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4z8y-2e7d-7qhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/153611?format=json","vulnerability_id":"VCID-57nk-7ugd-vucf","summary":"Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13671","reference_id":"","reference_type":"","scores":[{"value":"0.02599","scoring_system":"epss","scoring_elements":"0.85938","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13671"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13671","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13671"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/","reference_id":"5KSFM672XW3X6BR7TVKRD63SLZGKK437","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/"},{"reference_url":"https://github.com/advisories/GHSA-68jc-v27h-vhmw","reference_id":"GHSA-68jc-v27h-vhmw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-68jc-v27h-vhmw"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/","reference_id":"KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/"},{"reference_url":"https://www.drupal.org/sa-core-2020-012","reference_id":"sa-core-2020-012","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/"}],"url":"https://www.drupal.org/sa-core-2020-012"},{"reference_url":"https://usn.ubuntu.com/6981-1/","reference_id":"USN-6981-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6981-1/"},{"reference_url":"https://usn.ubuntu.com/6981-2/","reference_id":"USN-6981-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6981-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382206?format=json","purl":"pkg:composer/drupal/drupal@8.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7r9b-pzqb-cqea"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-muhk-wbuy-97bu"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/382207?format=json","purl":"pkg:composer/drupal/drupal@8.9.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7r9b-pzqb-cqea"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-muhk-wbuy-97bu"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-sqp3-huku-rqcc"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.9"},{"url":"http://public2.vulnerablecode.io/api/packages/382208?format=json","purl":"pkg:composer/drupal/drupal@9.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7r9b-pzqb-cqea"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-muhk-wbuy-97bu"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-sqp3-huku-rqcc"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.8"}],"aliases":["CVE-2020-13671","GHSA-68jc-v27h-vhmw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-57nk-7ugd-vucf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40418?format=json","vulnerability_id":"VCID-7sar-42a4-kqdy","summary":"core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45440","reference_id":"","reference_type":"","scores":[{"value":"0.86689","scoring_system":"epss","scoring_elements":"0.99442","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45440"},{"reference_url":"https://github.com/github/advisory-database/pull/4827","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/github/advisory-database/pull/4827"},{"reference_url":"https://www.drupal.org/project/drupal/releases/10.2.9","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/project/drupal/releases/10.2.9"},{"reference_url":"https://www.drupal.org/project/drupal/releases/10.3.6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/project/drupal/releases/10.3.6"},{"reference_url":"https://www.drupal.org/project/drupal/releases/11.0.5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/project/drupal/releases/11.0.5"},{"reference_url":"https://www.exploit-db.com/exploits/52266","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/52266"},{"reference_url":"https://www.drupal.org/project/drupal/issues/3457781","reference_id":"3457781","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/"}],"url":"https://www.drupal.org/project/drupal/issues/3457781"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py","reference_id":"CVE-2024-45440","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45440","reference_id":"CVE-2024-45440","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45440"},{"reference_url":"https://senscybersecurity.nl/CVE-2024-45440-Explained/","reference_id":"CVE-2024-45440-Explained","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/"}],"url":"https://senscybersecurity.nl/CVE-2024-45440-Explained/"},{"reference_url":"https://senscybersecurity.nl/CVE-2024-45440-Explained","reference_id":"CVE-2024-45440-EXPLAINED","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://senscybersecurity.nl/CVE-2024-45440-Explained"},{"reference_url":"https://github.com/advisories/GHSA-mg8j-w93w-xjgc","reference_id":"GHSA-mg8j-w93w-xjgc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mg8j-w93w-xjgc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33152?format=json","purl":"pkg:composer/drupal/drupal@10.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.2.9"},{"url":"http://public2.vulnerablecode.io/api/packages/736819?format=json","purl":"pkg:composer/drupal/drupal@10.3.0-beta1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.3.0-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/33154?format=json","purl":"pkg:composer/drupal/drupal@10.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.3.6"},{"url":"http://public2.vulnerablecode.io/api/packages/736822?format=json","purl":"pkg:composer/drupal/drupal@11.0.0-alpha1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@11.0.0-alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/33149?format=json","purl":"pkg:composer/drupal/drupal@11.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-ggb3-jgrj-hken"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@11.0.5"}],"aliases":["CVE-2024-45440","GHSA-mg8j-w93w-xjgc"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7sar-42a4-kqdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/172342?format=json","vulnerability_id":"VCID-agxw-t98a-j3bm","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6929","reference_id":"","reference_type":"","scores":[{"value":"0.00603","scoring_system":"epss","scoring_elements":"0.70058","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6929"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6929.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6929.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6929.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6929.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6929","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6929"},{"reference_url":"https://www.debian.org/security/2018/dsa-4123","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4123"},{"reference_url":"https://www.drupal.org/sa-core-2018-001","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2018-001"},{"reference_url":"https://www.drupal.org/SA-CORE-2018-001","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/SA-CORE-2018-001"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384817?format=json","purl":"pkg:composer/drupal/drupal@8.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-28cu-un2e-xub7"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-agxw-t98a-j3bm"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-fc3m-cktu-7uff"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qtax-krps-1udn"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-r7kh-gpy6-juht"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-sgub-4xen-bbcy"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-xcck-137u-wyam"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/385155?format=json","purl":"pkg:composer/drupal/drupal@8.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5"}],"aliases":["CVE-2017-6929","GHSA-5vpr-v24w-mmjj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-agxw-t98a-j3bm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177343?format=json","vulnerability_id":"VCID-bha5-1s4u-3bg6","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11831","reference_id":"","reference_type":"","scores":[{"value":"0.28615","scoring_system":"epss","scoring_elements":"0.96644","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11831"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-11831.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-11831.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-11831.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-11831.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/phar-stream-wrapper/CVE-2019-11831.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/phar-stream-wrapper/CVE-2019-11831.yaml"},{"reference_url":"https://github.com/TYPO3/phar-stream-wrapper","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/phar-stream-wrapper"},{"reference_url":"https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1"},{"reference_url":"https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11831","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11831"},{"reference_url":"https://seclists.org/bugtraq/2019/May/36","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/May/36"},{"reference_url":"https://typo3.org/security/advisory/typo3-psa-2019-007","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-psa-2019-007"},{"reference_url":"https://typo3.org/security/advisory/typo3-psa-2019-007/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-psa-2019-007/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4445","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4445"},{"reference_url":"https://www.drupal.org/sa-core-2019-007","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2019-007"},{"reference_url":"https://www.drupal.org/SA-CORE-2019-007","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/SA-CORE-2019-007"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_19_22","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.synology.com/security/advisory/Synology_SA_19_22"},{"reference_url":"http://www.securityfocus.com/bid/108302","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/108302"},{"reference_url":"https://github.com/advisories/GHSA-xv7v-rf6g-xwrc","reference_id":"GHSA-xv7v-rf6g-xwrc","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xv7v-rf6g-xwrc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382595?format=json","purl":"pkg:composer/drupal/drupal@8.6.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.16"},{"url":"http://public2.vulnerablecode.io/api/packages/382596?format=json","purl":"pkg:composer/drupal/drupal@8.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hfsr-jhw7-b3ap"},{"vulnerability":"VCID-jp51-ftxv-4ud9"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-kufg-z717-b7hm"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.1"}],"aliases":["CVE-2019-11831","GHSA-xv7v-rf6g-xwrc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bha5-1s4u-3bg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/362316?format=json","vulnerability_id":"VCID-bxdv-fxzq-sbdz","summary":"Code Injection\nInjection in `DefaultMailSystem::mail()`.","references":[{"reference_url":"https://www.drupal.org/sa-core-2018-006","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2018-006"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31248?format=json","purl":"pkg:composer/drupal/drupal@8.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2"}],"aliases":["GMS-2018-61"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bxdv-fxzq-sbdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211810?format=json","vulnerability_id":"VCID-cs4j-rhc4-xbhd","summary":"Drupal core Denial of Service","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-1.yaml"},{"reference_url":"https://www.drupal.org/sa-core-2019-009","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2019-009"},{"reference_url":"https://github.com/advisories/GHSA-w333-5f96-mjrr","reference_id":"GHSA-w333-5f96-mjrr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w333-5f96-mjrr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31249?format=json","purl":"pkg:composer/drupal/drupal@8.7.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hfsr-jhw7-b3ap"},{"vulnerability":"VCID-jp51-ftxv-4ud9"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-kufg-z717-b7hm"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11"},{"url":"http://public2.vulnerablecode.io/api/packages/31250?format=json","purl":"pkg:composer/drupal/drupal@8.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-6j4t-zjnf-fbd3"},{"vulnerability":"VCID-7r9b-pzqb-cqea"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hfsr-jhw7-b3ap"},{"vulnerability":"VCID-jp51-ftxv-4ud9"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-kufg-z717-b7hm"},{"vulnerability":"VCID-muhk-wbuy-97bu"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1"}],"aliases":["GHSA-w333-5f96-mjrr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cs4j-rhc4-xbhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173496?format=json","vulnerability_id":"VCID-ed3c-h2ww-j3gm","summary":"guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24775","reference_id":"","reference_type":"","scores":[{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76567","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775"},{"reference_url":"https://github.com/guzzle/psr7","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/guzzle/psr7"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236","reference_id":"1008236","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236"},{"reference_url":"https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc","reference_id":"9a96d9db668b485361ed9de7b5bf1e54895df1dc","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/"}],"url":"https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24775","reference_id":"CVE-2022-24775","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24775"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml","reference_id":"CVE-2022-24775.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml"},{"reference_url":"https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1","reference_id":"e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/"}],"url":"https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1"},{"reference_url":"https://github.com/advisories/GHSA-q7rv-6hp3-vh96","reference_id":"GHSA-q7rv-6hp3-vh96","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q7rv-6hp3-vh96"},{"reference_url":"https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96","reference_id":"GHSA-q7rv-6hp3-vh96","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/"}],"url":"https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96"},{"reference_url":"https://www.drupal.org/sa-core-2022-006","reference_id":"sa-core-2022-006","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/"}],"url":"https://www.drupal.org/sa-core-2022-006"},{"reference_url":"https://usn.ubuntu.com/6670-1/","reference_id":"USN-6670-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6670-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/392285?format=json","purl":"pkg:composer/drupal/drupal@9.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-91kw-xn5d-pbbe"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.2.16"},{"url":"http://public2.vulnerablecode.io/api/packages/546039?format=json","purl":"pkg:composer/drupal/drupal@9.3.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.0-alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/392286?format=json","purl":"pkg:composer/drupal/drupal@9.3.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-91kw-xn5d-pbbe"},{"vulnerability":"VCID-cdm9-t56e-83aj"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.9"},{"url":"http://public2.vulnerablecode.io/api/packages/546042?format=json","purl":"pkg:composer/drupal/drupal@10.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.0.0-alpha1"}],"aliases":["CVE-2022-24775","GHSA-q7rv-6hp3-vh96"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ed3c-h2ww-j3gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/362315?format=json","vulnerability_id":"VCID-ejwp-ehyk-r3cf","summary":"URL Redirection to Untrusted Site ('Open Redirect')\nExternal URL injection through URL aliases in drupal.","references":[{"reference_url":"https://www.drupal.org/sa-core-2018-006","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2018-006"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31248?format=json","purl":"pkg:composer/drupal/drupal@8.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2"}],"aliases":["GMS-2018-59"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ejwp-ehyk-r3cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179359?format=json","vulnerability_id":"VCID-ftd8-be73-5bc3","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6339","reference_id":"","reference_type":"","scores":[{"value":"0.76091","scoring_system":"epss","scoring_elements":"0.98942","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00004.html"},{"reference_url":"https://www.debian.org/security/2019/dsa-4370","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4370"},{"reference_url":"https://www.drupal.org/sa-core-2019-002","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2019-002"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6339","reference_id":"CVE-2019-6339","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6339"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6339.yaml","reference_id":"CVE-2019-6339.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6339.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6339.yaml","reference_id":"CVE-2019-6339.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6339.yaml"},{"reference_url":"https://github.com/advisories/GHSA-8cw5-rv98-5c46","reference_id":"GHSA-8cw5-rv98-5c46","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8cw5-rv98-5c46"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15865?format=json","purl":"pkg:composer/drupal/drupal@8.5.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15864?format=json","purl":"pkg:composer/drupal/drupal@8.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.6"}],"aliases":["CVE-2019-6339","GHSA-8cw5-rv98-5c46"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ftd8-be73-5bc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163547?format=json","vulnerability_id":"VCID-hdq9-fe9e-93hb","summary":"In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the \"private\" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25275","reference_id":"","reference_type":"","scores":[{"value":"0.00579","scoring_system":"epss","scoring_elements":"0.69346","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25275"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf"},{"reference_url":"https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25275","reference_id":"CVE-2022-25275","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25275"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml","reference_id":"CVE-2022-25275.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml"},{"reference_url":"https://github.com/advisories/GHSA-xh3v-6f9j-wxw3","reference_id":"GHSA-xh3v-6f9j-wxw3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xh3v-6f9j-wxw3"},{"reference_url":"https://www.drupal.org/sa-core-2022-012","reference_id":"sa-core-2022-012","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:45:46Z/"}],"url":"https://www.drupal.org/sa-core-2022-012"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/393432?format=json","purl":"pkg:composer/drupal/drupal@9.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/393433?format=json","purl":"pkg:composer/drupal/drupal@9.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7669-dguj-2qfd"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.4.3"}],"aliases":["CVE-2022-25275","GHSA-xh3v-6f9j-wxw3","GMS-2022-3362"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hdq9-fe9e-93hb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/362323?format=json","vulnerability_id":"VCID-hyd9-kcsg-5kgb","summary":"Improper Access Control in drupal.","references":[{"reference_url":"https://www.drupal.org/sa-core-2018-006","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2018-006"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31248?format=json","purl":"pkg:composer/drupal/drupal@8.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2"}],"aliases":["GMS-2018-58"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hyd9-kcsg-5kgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/161730?format=json","vulnerability_id":"VCID-kepa-chya-sfdb","summary":"Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6340","reference_id":"","reference_type":"","scores":[{"value":"0.9441","scoring_system":"epss","scoring_elements":"0.99979","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6340"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6340","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6340"},{"reference_url":"https://www.exploit-db.com/exploits/46452","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/46452"},{"reference_url":"https://www.exploit-db.com/exploits/46459","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/46459"},{"reference_url":"https://www.exploit-db.com/exploits/46510","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/46510"},{"reference_url":"http://www.securityfocus.com/bid/107106","reference_id":"107106","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/"}],"url":"http://www.securityfocus.com/bid/107106"},{"reference_url":"https://www.exploit-db.com/exploits/46452/","reference_id":"46452","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/"}],"url":"https://www.exploit-db.com/exploits/46452/"},{"reference_url":"https://www.exploit-db.com/exploits/46459/","reference_id":"46459","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/"}],"url":"https://www.exploit-db.com/exploits/46459/"},{"reference_url":"https://www.exploit-db.com/exploits/46510/","reference_id":"46510","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/"}],"url":"https://www.exploit-db.com/exploits/46510/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46510.rb","reference_id":"CVE-2019-6340","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46510.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46452.txt","reference_id":"CVE-2019-6340","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46452.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46459.py","reference_id":"CVE-2019-6340","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46459.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6340","reference_id":"CVE-2019-6340","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6340"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/6ff18828c0273b7170469939a49e4b063d561799/modules/exploits/unix/webapp/drupal_restws_unserialize.rb","reference_id":"CVE-2019-6340","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/6ff18828c0273b7170469939a49e4b063d561799/modules/exploits/unix/webapp/drupal_restws_unserialize.rb"},{"reference_url":"https://www.ambionics.io/blog/drupal8-rce","reference_id":"CVE-2019-6340","reference_type":"exploit","scores":[],"url":"https://www.ambionics.io/blog/drupal8-rce"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6340.yaml","reference_id":"CVE-2019-6340.YAML","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6340.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6340.yaml","reference_id":"CVE-2019-6340.YAML","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6340.yaml"},{"reference_url":"https://github.com/advisories/GHSA-3gx6-h57h-rm27","reference_id":"GHSA-3gx6-h57h-rm27","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3gx6-h57h-rm27"},{"reference_url":"https://www.drupal.org/sa-core-2019-003","reference_id":"sa-core-2019-003","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/"}],"url":"https://www.drupal.org/sa-core-2019-003"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_19_09","reference_id":"Synology_SA_19_09","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/"}],"url":"https://www.synology.com/security/advisory/Synology_SA_19_09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21730?format=json","purl":"pkg:composer/drupal/drupal@8.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/21731?format=json","purl":"pkg:composer/drupal/drupal@8.6.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.10"}],"aliases":["CVE-2019-6340","GHSA-3gx6-h57h-rm27"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kepa-chya-sfdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/159572?format=json","vulnerability_id":"VCID-krjp-u36k-17fs","summary":"A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7602","reference_id":"","reference_type":"","scores":[{"value":"0.94382","scoring_system":"epss","scoring_elements":"0.99971","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7602"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7602","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7602"},{"reference_url":"https://www.exploit-db.com/exploits/44542","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/44542"},{"reference_url":"https://www.exploit-db.com/exploits/44557","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/44557"},{"reference_url":"http://www.securityfocus.com/bid/103985","reference_id":"103985","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/"}],"url":"http://www.securityfocus.com/bid/103985"},{"reference_url":"http://www.securitytracker.com/id/1040754","reference_id":"1040754","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/"}],"url":"http://www.securitytracker.com/id/1040754"},{"reference_url":"https://www.exploit-db.com/exploits/44542/","reference_id":"44542","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/"}],"url":"https://www.exploit-db.com/exploits/44542/"},{"reference_url":"https://www.exploit-db.com/exploits/44557/","reference_id":"44557","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/"}],"url":"https://www.exploit-db.com/exploits/44557/"},{"reference_url":"https://security.archlinux.org/ASA-201804-10","reference_id":"ASA-201804-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-10"},{"reference_url":"https://security.archlinux.org/AVG-679","reference_id":"AVG-679","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-679"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44557.rb","reference_id":"CVE-2018-7602","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44557.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7602","reference_id":"CVE-2018-7602","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7602"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44542.txt","reference_id":"CVE-2018-7602;SA-CORE-2018-004","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44542.txt"},{"reference_url":"https://pastebin.com/pRM8nmwj","reference_id":"CVE-2018-7602;SA-CORE-2018-004","reference_type":"exploit","scores":[],"url":"https://pastebin.com/pRM8nmwj"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7602.yaml","reference_id":"CVE-2018-7602.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7602.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7602.yaml","reference_id":"CVE-2018-7602.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7602.yaml"},{"reference_url":"https://www.debian.org/security/2018/dsa-4180","reference_id":"dsa-4180","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/"}],"url":"https://www.debian.org/security/2018/dsa-4180"},{"reference_url":"https://github.com/advisories/GHSA-297x-j9pm-xjgg","reference_id":"GHSA-297x-j9pm-xjgg","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-297x-j9pm-xjgg"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html","reference_id":"msg00030.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html"},{"reference_url":"https://www.drupal.org/sa-core-2018-004","reference_id":"sa-core-2018-004","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/"}],"url":"https://www.drupal.org/sa-core-2018-004"},{"reference_url":"https://usn.ubuntu.com/USN-4773-1/","reference_id":"USN-USN-4773-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4773-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30734?format=json","purl":"pkg:composer/drupal/drupal@8.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.8"},{"url":"http://public2.vulnerablecode.io/api/packages/30736?format=json","purl":"pkg:composer/drupal/drupal@8.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.3"}],"aliases":["CVE-2018-7602","GHSA-297x-j9pm-xjgg"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-krjp-u36k-17fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211808?format=json","vulnerability_id":"VCID-krqe-tg7a-yuex","summary":"Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-5.yaml","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-5.yaml"},{"reference_url":"https://www.drupal.org/sa-core-2018-006","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2018-006"},{"reference_url":"https://github.com/advisories/GHSA-jjx7-8462-w4m4","reference_id":"GHSA-jjx7-8462-w4m4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjx7-8462-w4m4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31247?format=json","purl":"pkg:composer/drupal/drupal@8.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/31248?format=json","purl":"pkg:composer/drupal/drupal@8.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2"}],"aliases":["GHSA-jjx7-8462-w4m4"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-krqe-tg7a-yuex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208142?format=json","vulnerability_id":"VCID-kryq-8j5g-d7a6","summary":"Cross-site Scripting in Drupal Core","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13668","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45025","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13668"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8"},{"reference_url":"https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb"},{"reference_url":"https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2"},{"reference_url":"https://www.drupal.org/sa-core-2020-009","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2020-009"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13668","reference_id":"CVE-2020-13668","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13668"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml","reference_id":"CVE-2020-13668.YAML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml","reference_id":"CVE-2020-13668.YAML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml"},{"reference_url":"https://github.com/advisories/GHSA-m6q5-wv4x-fv6h","reference_id":"GHSA-m6q5-wv4x-fv6h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m6q5-wv4x-fv6h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19344?format=json","purl":"pkg:composer/drupal/drupal@8.8.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7r9b-pzqb-cqea"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-muhk-wbuy-97bu"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.10"},{"url":"http://public2.vulnerablecode.io/api/packages/19350?format=json","purl":"pkg:composer/drupal/drupal@8.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7r9b-pzqb-cqea"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-muhk-wbuy-97bu"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-sqp3-huku-rqcc"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/19346?format=json","purl":"pkg:composer/drupal/drupal@9.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7r9b-pzqb-cqea"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-muhk-wbuy-97bu"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-sqp3-huku-rqcc"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.6"}],"aliases":["CVE-2020-13668","GHSA-m6q5-wv4x-fv6h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kryq-8j5g-d7a6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/159574?format=json","vulnerability_id":"VCID-ku79-by46-s3h9","summary":"Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7600","reference_id":"","reference_type":"","scores":[{"value":"0.94489","scoring_system":"epss","scoring_elements":"1.0","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7600"},{"reference_url":"https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7600.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7600.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7600.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7600.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7600","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7600"},{"reference_url":"https://research.checkpoint.com/uncovering-drupalgeddon-2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://research.checkpoint.com/uncovering-drupalgeddon-2"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600"},{"reference_url":"https://www.exploit-db.com/exploits/44448","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/44448"},{"reference_url":"https://www.exploit-db.com/exploits/44449","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/44449"},{"reference_url":"https://www.exploit-db.com/exploits/44482","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/44482"},{"reference_url":"http://www.securityfocus.com/bid/103534","reference_id":"103534","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/"}],"url":"http://www.securityfocus.com/bid/103534"},{"reference_url":"http://www.securitytracker.com/id/1040598","reference_id":"1040598","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/"}],"url":"http://www.securitytracker.com/id/1040598"},{"reference_url":"https://www.exploit-db.com/exploits/44448/","reference_id":"44448","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/"}],"url":"https://www.exploit-db.com/exploits/44448/"},{"reference_url":"https://www.exploit-db.com/exploits/44449/","reference_id":"44449","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/"}],"url":"https://www.exploit-db.com/exploits/44449/"},{"reference_url":"https://www.exploit-db.com/exploits/44482/","reference_id":"44482","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/"}],"url":"https://www.exploit-db.com/exploits/44482/"},{"reference_url":"https://twitter.com/arancaytar/status/979090719003627521","reference_id":"979090719003627521","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/"}],"url":"https://twitter.com/arancaytar/status/979090719003627521"},{"reference_url":"https://twitter.com/RicterZ/status/979567469726613504","reference_id":"979567469726613504","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/"}],"url":"https://twitter.com/RicterZ/status/979567469726613504"},{"reference_url":"https://twitter.com/RicterZ/status/984495201354854401","reference_id":"984495201354854401","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/"}],"url":"https://twitter.com/RicterZ/status/984495201354854401"},{"reference_url":"https://security.archlinux.org/ASA-201804-1","reference_id":"ASA-201804-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-1"},{"reference_url":"https://security.archlinux.org/AVG-665","reference_id":"AVG-665","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-665"},{"reference_url":"https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know","reference_id":"critical-drupal-core-vulnerability-what-you-need-to-know","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/"}],"url":"https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know"},{"reference_url":"https://github.com/a2u/CVE-2018-7600","reference_id":"CVE-2018-7600","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/"}],"url":"https://github.com/a2u/CVE-2018-7600"},{"reference_url":"https://github.com/a2u/CVE-2018-7600/blob/2c623a6a9ea641119cf7ee75cd344fb32047169b/exploit.py","reference_id":"CVE-2018-7600","reference_type":"exploit","scores":[],"url":"https://github.com/a2u/CVE-2018-7600/blob/2c623a6a9ea641119cf7ee75cd344fb32047169b/exploit.py"},{"reference_url":"https://github.com/dreadlocked/Drupalgeddon2/blob/16cac1b2336d38642f75eb7b7e2c833b2c3f49b1/drupalgeddon2.rb","reference_id":"CVE-2018-7600","reference_type":"exploit","scores":[],"url":"https://github.com/dreadlocked/Drupalgeddon2/blob/16cac1b2336d38642f75eb7b7e2c833b2c3f49b1/drupalgeddon2.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/44482.rb","reference_id":"CVE-2018-7600","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/44482.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44448.py","reference_id":"CVE-2018-7600","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44448.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44449.rb","reference_id":"CVE-2018-7600","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44449.rb"},{"reference_url":"https://github.com/g0rx/CVE-2018-7600-Drupal-RCE","reference_id":"CVE-2018-7600-Drupal-RCE","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/"}],"url":"https://github.com/g0rx/CVE-2018-7600-Drupal-RCE"},{"reference_url":"https://www.debian.org/security/2018/dsa-4156","reference_id":"dsa-4156","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/"}],"url":"https://www.debian.org/security/2018/dsa-4156"},{"reference_url":"https://groups.drupal.org/security/faq-2018-002","reference_id":"faq-2018-002","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/"}],"url":"https://groups.drupal.org/security/faq-2018-002"},{"reference_url":"https://github.com/advisories/GHSA-7fh9-933g-885p","reference_id":"GHSA-7fh9-933g-885p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7fh9-933g-885p"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html","reference_id":"msg00028.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html"},{"reference_url":"https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/","reference_id":"over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/"}],"url":"https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/"},{"reference_url":"https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714","reference_id":"remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/"}],"url":"https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714"},{"reference_url":"https://www.drupal.org/sa-core-2018-002","reference_id":"sa-core-2018-002","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/"}],"url":"https://www.drupal.org/sa-core-2018-002"},{"reference_url":"https://greysec.net/showthread.php?tid=2912&pid=10561","reference_id":"showthread.php?tid=2912&pid=10561","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/"}],"url":"https://greysec.net/showthread.php?tid=2912&pid=10561"},{"reference_url":"https://www.synology.com/support/security/Synology_SA_18_17","reference_id":"Synology_SA_18_17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/"}],"url":"https://www.synology.com/support/security/Synology_SA_18_17"},{"reference_url":"https://research.checkpoint.com/uncovering-drupalgeddon-2/","reference_id":"uncovering-drupalgeddon-2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/"}],"url":"https://research.checkpoint.com/uncovering-drupalgeddon-2/"},{"reference_url":"https://usn.ubuntu.com/USN-4773-1/","reference_id":"USN-USN-4773-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4773-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386331?format=json","purl":"pkg:composer/drupal/drupal@8.3.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.9"},{"url":"http://public2.vulnerablecode.io/api/packages/386332?format=json","purl":"pkg:composer/drupal/drupal@8.4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/386333?format=json","purl":"pkg:composer/drupal/drupal@8.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.1"}],"aliases":["CVE-2018-7600","GHSA-7fh9-933g-885p"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ku79-by46-s3h9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211804?format=json","vulnerability_id":"VCID-nbzz-f1n8-mbdw","summary":"Drupal External URL injection through URL aliases leading to Open Redirect","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-2.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-2.yaml"},{"reference_url":"https://www.drupal.org/sa-core-2018-006","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2018-006"},{"reference_url":"https://github.com/advisories/GHSA-r67r-42wx-c8r7","reference_id":"GHSA-r67r-42wx-c8r7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r67r-42wx-c8r7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31247?format=json","purl":"pkg:composer/drupal/drupal@8.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/31248?format=json","purl":"pkg:composer/drupal/drupal@8.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2"}],"aliases":["GHSA-r67r-42wx-c8r7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nbzz-f1n8-mbdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163420?format=json","vulnerability_id":"VCID-nhub-1map-n3by","summary":"Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25277","reference_id":"","reference_type":"","scores":[{"value":"0.02448","scoring_system":"epss","scoring_elements":"0.85523","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25277"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17"},{"reference_url":"https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25277","reference_id":"CVE-2022-25277","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25277"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml","reference_id":"CVE-2022-25277.YAML","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml"},{"reference_url":"https://github.com/advisories/GHSA-6955-67hm-vjjq","reference_id":"GHSA-6955-67hm-vjjq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6955-67hm-vjjq"},{"reference_url":"https://www.drupal.org/sa-core-2022-014","reference_id":"sa-core-2022-014","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:41:13Z/"}],"url":"https://www.drupal.org/sa-core-2022-014"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/393432?format=json","purl":"pkg:composer/drupal/drupal@9.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/393433?format=json","purl":"pkg:composer/drupal/drupal@9.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7669-dguj-2qfd"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.4.3"}],"aliases":["CVE-2022-25277","GHSA-6955-67hm-vjjq","GMS-2022-3361"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nhub-1map-n3by"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/362288?format=json","vulnerability_id":"VCID-qec2-bj92-pue9","summary":"XSS Vulnerability\nCKEditor, a third-party JavaScript library included in Drupal core, is affected by a cross-site scripting (XSS) vulnerability. It's possible to execute XSS inside CKEditor when using the `image2` plugin.","references":[{"reference_url":"https://www.drupal.org/sa-core-2018-003","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2018-003"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386384?format=json","purl":"pkg:composer/drupal/drupal@8.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.7"},{"url":"http://public2.vulnerablecode.io/api/packages/386385?format=json","purl":"pkg:composer/drupal/drupal@8.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.2"}],"aliases":["SA-CORE-2018-003"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qec2-bj92-pue9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/295783?format=json","vulnerability_id":"VCID-qtax-krps-1udn","summary":"","references":[{"reference_url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6926","reference_id":"","reference_type":"","scores":[],"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6926"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6926","reference_id":"","reference_type":"","scores":[{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58955","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6926"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6926.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6926.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6926.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6926.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6926","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6926"},{"reference_url":"https://www.drupal.org/sa-core-2018-001","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2018-001"},{"reference_url":"https://www.drupal.org/SA-CORE-2018-001","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/SA-CORE-2018-001"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385155?format=json","purl":"pkg:composer/drupal/drupal@8.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5"}],"aliases":["CVE-2017-6926","GHSA-2p28-5mvp-2j2r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qtax-krps-1udn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/196859?format=json","vulnerability_id":"VCID-qvsn-ab7h-cqc5","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13672","reference_id":"","reference_type":"","scores":[{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68571","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13672"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://www.drupal.org/sa-core-2021-002","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2021-002"},{"reference_url":"https://security.archlinux.org/AVG-1463","reference_id":"AVG-1463","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1463"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13672","reference_id":"CVE-2020-13672","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13672"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml","reference_id":"CVE-2020-13672.YAML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml","reference_id":"CVE-2020-13672.YAML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml"},{"reference_url":"https://github.com/advisories/GHSA-3m36-mjwj-352c","reference_id":"GHSA-3m36-mjwj-352c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3m36-mjwj-352c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19339?format=json","purl":"pkg:composer/drupal/drupal@8.9.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.14"},{"url":"http://public2.vulnerablecode.io/api/packages/19355?format=json","purl":"pkg:composer/drupal/drupal@9.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/19342?format=json","purl":"pkg:composer/drupal/drupal@9.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.1.7"}],"aliases":["CVE-2020-13672","GHSA-3m36-mjwj-352c"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qvsn-ab7h-cqc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/172340?format=json","vulnerability_id":"VCID-r7kh-gpy6-juht","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6928","reference_id":"","reference_type":"","scores":[{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51482","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6928.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6928.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6928.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6928.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6928","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6928"},{"reference_url":"https://www.debian.org/security/2018/dsa-4123","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4123"},{"reference_url":"https://www.drupal.org/sa-core-2018-001","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2018-001"},{"reference_url":"https://www.drupal.org/SA-CORE-2018-001","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/SA-CORE-2018-001"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385155?format=json","purl":"pkg:composer/drupal/drupal@8.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5"}],"aliases":["CVE-2017-6928","GHSA-66mv-q8r2-hj8w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r7kh-gpy6-juht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179358?format=json","vulnerability_id":"VCID-s5ak-abr9-vbe6","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6338","reference_id":"","reference_type":"","scores":[{"value":"0.01047","scoring_system":"epss","scoring_elements":"0.77922","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6338"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00032.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00032.html"},{"reference_url":"https://www.debian.org/security/2019/dsa-4370","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4370"},{"reference_url":"https://www.drupal.org/sa-core-2019-001","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2019-001"},{"reference_url":"http://www.securityfocus.com/bid/106706","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/106706"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6338","reference_id":"CVE-2019-6338","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6338"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6338.yaml","reference_id":"CVE-2019-6338.YAML","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6338.yaml"},{"reference_url":"https://github.com/advisories/GHSA-6rmq-x2hv-vxpp","reference_id":"GHSA-6rmq-x2hv-vxpp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6rmq-x2hv-vxpp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15865?format=json","purl":"pkg:composer/drupal/drupal@8.5.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15864?format=json","purl":"pkg:composer/drupal/drupal@8.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.6"}],"aliases":["CVE-2019-6338","GHSA-6rmq-x2hv-vxpp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s5ak-abr9-vbe6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211807?format=json","vulnerability_id":"VCID-s93m-ue36-vyg1","summary":"Drupal Malicious file upload with filenames stating with dot","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-2.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-2.yaml"},{"reference_url":"https://www.drupal.org/sa-core-2019-010","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2019-010"},{"reference_url":"https://github.com/advisories/GHSA-58xv-7h9r-mx3c","reference_id":"GHSA-58xv-7h9r-mx3c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-58xv-7h9r-mx3c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31249?format=json","purl":"pkg:composer/drupal/drupal@8.7.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hfsr-jhw7-b3ap"},{"vulnerability":"VCID-jp51-ftxv-4ud9"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-kufg-z717-b7hm"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11"},{"url":"http://public2.vulnerablecode.io/api/packages/31250?format=json","purl":"pkg:composer/drupal/drupal@8.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-6j4t-zjnf-fbd3"},{"vulnerability":"VCID-7r9b-pzqb-cqea"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hfsr-jhw7-b3ap"},{"vulnerability":"VCID-jp51-ftxv-4ud9"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-kufg-z717-b7hm"},{"vulnerability":"VCID-muhk-wbuy-97bu"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1"}],"aliases":["GHSA-58xv-7h9r-mx3c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s93m-ue36-vyg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/295784?format=json","vulnerability_id":"VCID-sgub-4xen-bbcy","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6930","reference_id":"","reference_type":"","scores":[{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62617","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6930"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6930.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6930.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6930.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6930.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6930","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6930"},{"reference_url":"https://www.drupal.org/sa-core-2018-001","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2018-001"},{"reference_url":"https://www.drupal.org/SA-CORE-2018-001","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/SA-CORE-2018-001"},{"reference_url":"http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6930","reference_id":"","reference_type":"","scores":[],"url":"http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6930"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385155?format=json","purl":"pkg:composer/drupal/drupal@8.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5"}],"aliases":["CVE-2017-6930","GHSA-3327-jr93-7hq3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sgub-4xen-bbcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211805?format=json","vulnerability_id":"VCID-t33g-z4ps-ykcy","summary":"Drupal Content moderation Access bypass","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-1.yaml"},{"reference_url":"https://www.drupal.org/sa-core-2018-006","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2018-006"},{"reference_url":"https://github.com/advisories/GHSA-86xw-vmcx-9mj4","reference_id":"GHSA-86xw-vmcx-9mj4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-86xw-vmcx-9mj4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31247?format=json","purl":"pkg:composer/drupal/drupal@8.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/31248?format=json","purl":"pkg:composer/drupal/drupal@8.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2"}],"aliases":["GHSA-86xw-vmcx-9mj4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t33g-z4ps-ykcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/362317?format=json","vulnerability_id":"VCID-txdd-bamb-ckcy","summary":"Improper Access Control\nIn some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass.","references":[{"reference_url":"https://www.drupal.org/sa-core-2018-006","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2018-006"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31248?format=json","purl":"pkg:composer/drupal/drupal@8.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2"}],"aliases":["GMS-2018-62"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-txdd-bamb-ckcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211816?format=json","vulnerability_id":"VCID-u8xe-6xh5-6ygb","summary":"Drupal Cross-Site Scripting (XSS) affecting CKEditor Third-party library","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2021-05-26.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2021-05-26.yaml"},{"reference_url":"https://www.drupal.org/sa-core-2021-005","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2021-005"},{"reference_url":"https://github.com/advisories/GHSA-qf65-hph9-453r","reference_id":"GHSA-qf65-hph9-453r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qf65-hph9-453r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31259?format=json","purl":"pkg:composer/drupal/drupal@8.9.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.16"},{"url":"http://public2.vulnerablecode.io/api/packages/31258?format=json","purl":"pkg:composer/drupal/drupal@9.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/31261?format=json","purl":"pkg:composer/drupal/drupal@9.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-6se4-tmwu-47b2"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-91kw-xn5d-pbbe"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-gffn-t1yz-5fgj"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-sdue-15dg-4ugt"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-yjm8-gadp-jkhr"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.2.4"}],"aliases":["GHSA-qf65-hph9-453r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u8xe-6xh5-6ygb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211815?format=json","vulnerability_id":"VCID-uj1s-21kp-pbhy","summary":"Drupal core Arbitrary PHP code execution","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2020-11-25.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2020-11-25.yaml"},{"reference_url":"https://github.com/advisories/GHSA-j66p-fvp2-fxhj","reference_id":"GHSA-j66p-fvp2-fxhj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j66p-fvp2-fxhj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31255?format=json","purl":"pkg:composer/drupal/drupal@8.8.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.12"},{"url":"http://public2.vulnerablecode.io/api/packages/31257?format=json","purl":"pkg:composer/drupal/drupal@8.9.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-sqp3-huku-rqcc"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.10"},{"url":"http://public2.vulnerablecode.io/api/packages/31256?format=json","purl":"pkg:composer/drupal/drupal@9.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-sqp3-huku-rqcc"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.9"}],"aliases":["GHSA-j66p-fvp2-fxhj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uj1s-21kp-pbhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175225?format=json","vulnerability_id":"VCID-vc7s-6p62-bfaw","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10909","reference_id":"","reference_type":"","scores":[{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58182","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2"},{"reference_url":"https://www.drupal.org/sa-core-2019-005","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2019-005"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10909","reference_id":"CVE-2019-10909","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10909"},{"reference_url":"https://symfony.com/cve-2019-10909","reference_id":"CVE-2019-10909","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-10909"},{"reference_url":"https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine","reference_id":"CVE-2019-10909-ESCAPE-VALIDATION-MESSAGES-IN-THE-PHP-TEMPLATING-ENGINE","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/advisories/GHSA-g996-q5r8-w7g2","reference_id":"GHSA-g996-q5r8-w7g2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g996-q5r8-w7g2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15739?format=json","purl":"pkg:composer/drupal/drupal@8.5.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.15"},{"url":"http://public2.vulnerablecode.io/api/packages/15747?format=json","purl":"pkg:composer/drupal/drupal@8.6.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.15"}],"aliases":["CVE-2019-10909","GHSA-g996-q5r8-w7g2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vc7s-6p62-bfaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163388?format=json","vulnerability_id":"VCID-wn4r-rc6m-xbhy","summary":"Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25278","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65504","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25278"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25278","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25278"},{"reference_url":"https://github.com/advisories/GHSA-cfh2-7f6h-3m85","reference_id":"GHSA-cfh2-7f6h-3m85","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cfh2-7f6h-3m85"},{"reference_url":"https://www.drupal.org/sa-core-2022-013","reference_id":"sa-core-2022-013","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:39:47Z/"}],"url":"https://www.drupal.org/sa-core-2022-013"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/393432?format=json","purl":"pkg:composer/drupal/drupal@9.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/393433?format=json","purl":"pkg:composer/drupal/drupal@9.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7669-dguj-2qfd"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.4.3"}],"aliases":["CVE-2022-25278","GHSA-cfh2-7f6h-3m85"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wn4r-rc6m-xbhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/362370?format=json","vulnerability_id":"VCID-x78g-nsnv-ebhc","summary":"Cross-site Scripting vulnerability in drupal.","references":[{"reference_url":"https://www.drupal.org/sa-core-2019-004","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2019-004"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/391032?format=json","purl":"pkg:composer/drupal/drupal@8.6.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.12"}],"aliases":["GMS-2019-148"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x78g-nsnv-ebhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/172338?format=json","vulnerability_id":"VCID-xcck-137u-wyam","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6927","reference_id":"","reference_type":"","scores":[{"value":"0.0139","scoring_system":"epss","scoring_elements":"0.8077","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6927.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6927.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6927.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6927.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6927","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6927"},{"reference_url":"https://www.debian.org/security/2018/dsa-4123","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4123"},{"reference_url":"https://www.drupal.org/sa-core-2018-001","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2018-001"},{"reference_url":"https://www.drupal.org/SA-CORE-2018-001","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/SA-CORE-2018-001"},{"reference_url":"http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6927","reference_id":"","reference_type":"","scores":[],"url":"http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6927"},{"reference_url":"http://www.securityfocus.com/bid/103138","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/103138"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385155?format=json","purl":"pkg:composer/drupal/drupal@8.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5"}],"aliases":["CVE-2017-6927","GHSA-585j-5449-mf5m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xcck-137u-wyam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208141?format=json","vulnerability_id":"VCID-yku8-k9fs-d7c8","summary":"Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13669","reference_id":"","reference_type":"","scores":[{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42442","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13669"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://www.drupal.org/sa-core-2020-010","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2020-010"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13669","reference_id":"CVE-2020-13669","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13669"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13669.yaml","reference_id":"CVE-2020-13669.YAML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13669.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13669.yaml","reference_id":"CVE-2020-13669.YAML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13669.yaml"},{"reference_url":"https://github.com/advisories/GHSA-c533-c843-67h8","reference_id":"GHSA-c533-c843-67h8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c533-c843-67h8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19344?format=json","purl":"pkg:composer/drupal/drupal@8.8.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7r9b-pzqb-cqea"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-muhk-wbuy-97bu"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.10"},{"url":"http://public2.vulnerablecode.io/api/packages/19350?format=json","purl":"pkg:composer/drupal/drupal@8.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7r9b-pzqb-cqea"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-muhk-wbuy-97bu"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-sqp3-huku-rqcc"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/19346?format=json","purl":"pkg:composer/drupal/drupal@9.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7r9b-pzqb-cqea"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-muhk-wbuy-97bu"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-sqp3-huku-rqcc"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.6"}],"aliases":["CVE-2020-13669","GHSA-c533-c843-67h8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yku8-k9fs-d7c8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/362318?format=json","vulnerability_id":"VCID-ytts-zj5y-2kdc","summary":"URL Redirection to Untrusted Site ('Open Redirect')\nAnonymous Open Redirect in drupal.","references":[{"reference_url":"https://www.drupal.org/sa-core-2018-006","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2018-006"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31248?format=json","purl":"pkg:composer/drupal/drupal@8.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2"}],"aliases":["GMS-2018-60"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ytts-zj5y-2kdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/308412?format=json","vulnerability_id":"VCID-zt27-b3qc-fbac","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-9861","reference_id":"","reference_type":"","scores":[{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59214","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-9861"},{"reference_url":"https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-9861.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-9861.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-9861.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-9861.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-9861","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-9861"},{"reference_url":"https://www.drupal.org/sa-core-2018-003","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2018-003"},{"reference_url":"http://www.securityfocus.com/bid/103924","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/103924"},{"reference_url":"https://usn.ubuntu.com/5340-1/","reference_id":"USN-5340-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5340-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5340-2/","reference_id":"USN-USN-5340-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5340-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386384?format=json","purl":"pkg:composer/drupal/drupal@8.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.7"},{"url":"http://public2.vulnerablecode.io/api/packages/386385?format=json","purl":"pkg:composer/drupal/drupal@8.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.2"}],"aliases":["CVE-2018-9861","GHSA-g78h-pf65-46rv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zt27-b3qc-fbac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163574?format=json","vulnerability_id":"VCID-zxut-nxke-7fce","summary":"Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25273","reference_id":"","reference_type":"","scores":[{"value":"0.0047","scoring_system":"epss","scoring_elements":"0.65015","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25273"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25273","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25273"},{"reference_url":"https://github.com/advisories/GHSA-g36h-4jr6-qmm9","reference_id":"GHSA-g36h-4jr6-qmm9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g36h-4jr6-qmm9"},{"reference_url":"https://www.drupal.org/sa-core-2022-008","reference_id":"sa-core-2022-008","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:19:11Z/"}],"url":"https://www.drupal.org/sa-core-2022-008"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/393440?format=json","purl":"pkg:composer/drupal/drupal@9.2.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-91kw-xn5d-pbbe"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.2.18"},{"url":"http://public2.vulnerablecode.io/api/packages/393435?format=json","purl":"pkg:composer/drupal/drupal@9.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-91kw-xn5d-pbbe"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.12"}],"aliases":["CVE-2022-25273","GHSA-g36h-4jr6-qmm9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zxut-nxke-7fce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349116?format=json","vulnerability_id":"VCID-zymc-a812-1ua5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25276","reference_id":"","reference_type":"","scores":[{"value":"0.01831","scoring_system":"epss","scoring_elements":"0.83322","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25276"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25276","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25276"},{"reference_url":"https://www.drupal.org/sa-core-2022-015","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2022-015"},{"reference_url":"https://github.com/advisories/GHSA-4wfq-jc9h-vpcx","reference_id":"GHSA-4wfq-jc9h-vpcx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4wfq-jc9h-vpcx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/393432?format=json","purl":"pkg:composer/drupal/drupal@9.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/393433?format=json","purl":"pkg:composer/drupal/drupal@9.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1w42-v1sq-fkac"},{"vulnerability":"VCID-227y-mp79-jydd"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-7669-dguj-2qfd"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-ggb3-jgrj-hken"},{"vulnerability":"VCID-xrzg-mcnq-vqdb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.4.3"}],"aliases":["CVE-2022-25276","GHSA-4wfq-jc9h-vpcx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zymc-a812-1ua5"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/172336?format=json","vulnerability_id":"VCID-75bq-ccux-afdn","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6922","reference_id":"","reference_type":"","scores":[{"value":"0.01704","scoring_system":"epss","scoring_elements":"0.82715","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6922"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://www.debian.org/security/2017/dsa-3897","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2017/dsa-3897"},{"reference_url":"https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple"},{"reference_url":"https://www.drupal.org/SA-CORE-2017-003","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/SA-CORE-2017-003"},{"reference_url":"http://www.securityfocus.com/bid/99219","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/99219"},{"reference_url":"http://www.securitytracker.com/id/1038781","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1038781"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6922","reference_id":"CVE-2017-6922","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6922"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6922.yaml","reference_id":"CVE-2017-6922.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6922.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6922.yaml","reference_id":"CVE-2017-6922.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6922.yaml"},{"reference_url":"https://github.com/advisories/GHSA-58f3-cx8p-h8jg","reference_id":"GHSA-58f3-cx8p-h8jg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-58f3-cx8p-h8jg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22024?format=json","purl":"pkg:composer/drupal/drupal@7.56.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@7.56.0"},{"url":"http://public2.vulnerablecode.io/api/packages/22022?format=json","purl":"pkg:composer/drupal/drupal@8.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-28cu-un2e-xub7"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-agxw-t98a-j3bm"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qtax-krps-1udn"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-r7kh-gpy6-juht"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-sgub-4xen-bbcy"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-xcck-137u-wyam"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.4"}],"aliases":["CVE-2017-6922","GHSA-58f3-cx8p-h8jg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-75bq-ccux-afdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/295781?format=json","vulnerability_id":"VCID-xyu6-aqjk-r7g7","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6920","reference_id":"","reference_type":"","scores":[{"value":"0.66148","scoring_system":"epss","scoring_elements":"0.98544","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6920"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6920.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6920.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6920.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6920.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6920","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6920"},{"reference_url":"https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple"},{"reference_url":"https://www.drupal.org/SA-CORE-2017-003","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/SA-CORE-2017-003"},{"reference_url":"http://www.securityfocus.com/bid/99211","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/99211"},{"reference_url":"http://www.securitytracker.com/id/1038781","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1038781"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22022?format=json","purl":"pkg:composer/drupal/drupal@8.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-28cu-un2e-xub7"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-agxw-t98a-j3bm"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qtax-krps-1udn"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-r7kh-gpy6-juht"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-sgub-4xen-bbcy"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-xcck-137u-wyam"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.4"}],"aliases":["CVE-2017-6920","GHSA-9c24-g32g-35rj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xyu6-aqjk-r7g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210059?format=json","vulnerability_id":"VCID-yj7d-w9vg-23dn","summary":"Drupal file REST resource does not properly validate","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6921","reference_id":"","reference_type":"","scores":[{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63655","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6921"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple"},{"reference_url":"https://www.drupal.org/SA-CORE-2017-003","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/SA-CORE-2017-003"},{"reference_url":"http://www.securityfocus.com/bid/99222","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/99222"},{"reference_url":"http://www.securitytracker.com/id/1038781","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1038781"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6921","reference_id":"CVE-2017-6921","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6921"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6921.yaml","reference_id":"CVE-2017-6921.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6921.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6921.yaml","reference_id":"CVE-2017-6921.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6921.yaml"},{"reference_url":"https://github.com/advisories/GHSA-h377-287m-w2r9","reference_id":"GHSA-h377-287m-w2r9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h377-287m-w2r9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22022?format=json","purl":"pkg:composer/drupal/drupal@8.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-28cu-un2e-xub7"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-agxw-t98a-j3bm"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qtax-krps-1udn"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-r7kh-gpy6-juht"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-sgub-4xen-bbcy"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-xcck-137u-wyam"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.4"}],"aliases":["CVE-2017-6921","GHSA-h377-287m-w2r9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yj7d-w9vg-23dn"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.4"}