{"url":"http://public2.vulnerablecode.io/api/packages/222246?format=json","purl":"pkg:composer/drupal/core-recommended@8.1.3","type":"composer","namespace":"drupal","name":"core-recommended","version":"8.1.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"10.2.11","latest_non_vulnerable_version":"11.0.8","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34557?format=json","vulnerability_id":"VCID-gbz5-5frj-hber","summary":"Multiple vulnerabilities through filename manipulation in Archive_Tar\nArchive_Tar through 1.4.10 has `://` filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as `file://` to overwrite files) can still succeed. See: https://github.com/pear/Archive_Tar/issues/33","references":[{"reference_url":"http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/"}],"url":"http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28949.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28949.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28949","reference_id":"","reference_type":"","scores":[{"value":"0.92961","scoring_system":"epss","scoring_elements":"0.99776","published_at":"2026-04-04T12:55:00Z"},{"value":"0.92961","scoring_system":"epss","scoring_elements":"0.99778","published_at":"2026-04-13T12:55:00Z"},{"value":"0.92961","scoring_system":"epss","scoring_elements":"0.99777","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28949"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/pear/archive_tar/CVE-2020-28949.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/pear/archive_tar/CVE-2020-28949.yaml"},{"reference_url":"https://github.com/pear/Archive_Tar","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pear/Archive_Tar"},{"reference_url":"https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da"},{"reference_url":"https://github.com/pear/Archive_Tar/issues/33","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/"}],"url":"https://github.com/pear/Archive_Tar/issues/33"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28949","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28949"},{"reference_url":"https://security.gentoo.org/glsa/202101-23","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/"}],"url":"https://security.gentoo.org/glsa/202101-23"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-28949","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-28949"},{"reference_url":"https://www.debian.org/security/2020/dsa-4817","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/"}],"url":"https://www.debian.org/security/2020/dsa-4817"},{"reference_url":"https://www.drupal.org/sa-core-2020-013","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/"}],"url":"https://www.drupal.org/sa-core-2020-013"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1910323","reference_id":"1910323","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1910323"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/","reference_id":"42GPGVVFTLJYAKRI75IVB5R45NYQGEUR","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/","reference_id":"4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/","reference_id":"5KSFM672XW3X6BR7TVKRD63SLZGKK437","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108","reference_id":"976108","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108"},{"reference_url":"https://github.com/advisories/GHSA-75c5-f4gw-38r9","reference_id":"GHSA-75c5-f4gw-38r9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-75c5-f4gw-38r9"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/","reference_id":"KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/","reference_id":"NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6541","reference_id":"RHSA-2022:6541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6542","reference_id":"RHSA-2022:6542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7340","reference_id":"RHSA-2022:7340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7340"},{"reference_url":"https://usn.ubuntu.com/4654-1/","reference_id":"USN-4654-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4654-1/"},{"reference_url":"https://usn.ubuntu.com/6981-1/","reference_id":"USN-6981-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6981-1/"},{"reference_url":"https://usn.ubuntu.com/6981-2/","reference_id":"USN-6981-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6981-2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/","reference_id":"VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/224786?format=json","purl":"pkg:composer/drupal/core-recommended@8.9.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nf6-3q5b-gqfm"},{"vulnerability":"VCID-2s8m-ujzb-skd1"},{"vulnerability":"VCID-kc7d-5k6x-77bp"},{"vulnerability":"VCID-q4qx-7s1y-q3hc"},{"vulnerability":"VCID-rdgr-yuu7-xkey"},{"vulnerability":"VCID-u4w3-usvb-jyf6"},{"vulnerability":"VCID-ummk-h11z-bkaj"},{"vulnerability":"VCID-vevm-4sfk-f7gq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@8.9.10"},{"url":"http://public2.vulnerablecode.io/api/packages/222363?format=json","purl":"pkg:composer/drupal/core-recommended@9.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nf6-3q5b-gqfm"},{"vulnerability":"VCID-2s8m-ujzb-skd1"},{"vulnerability":"VCID-q4qx-7s1y-q3hc"},{"vulnerability":"VCID-rdgr-yuu7-xkey"},{"vulnerability":"VCID-u4w3-usvb-jyf6"},{"vulnerability":"VCID-ummk-h11z-bkaj"},{"vulnerability":"VCID-vevm-4sfk-f7gq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.0.0-alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/224789?format=json","purl":"pkg:composer/drupal/core-recommended@9.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nf6-3q5b-gqfm"},{"vulnerability":"VCID-2s8m-ujzb-skd1"},{"vulnerability":"VCID-kc7d-5k6x-77bp"},{"vulnerability":"VCID-q4qx-7s1y-q3hc"},{"vulnerability":"VCID-rdgr-yuu7-xkey"},{"vulnerability":"VCID-u4w3-usvb-jyf6"},{"vulnerability":"VCID-ummk-h11z-bkaj"},{"vulnerability":"VCID-vevm-4sfk-f7gq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/222373?format=json","purl":"pkg:composer/drupal/core-recommended@9.1.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nf6-3q5b-gqfm"},{"vulnerability":"VCID-2s8m-ujzb-skd1"},{"vulnerability":"VCID-q4qx-7s1y-q3hc"},{"vulnerability":"VCID-rdgr-yuu7-xkey"},{"vulnerability":"VCID-u4w3-usvb-jyf6"},{"vulnerability":"VCID-ummk-h11z-bkaj"},{"vulnerability":"VCID-vevm-4sfk-f7gq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.1.0-alpha1"}],"aliases":["CVE-2020-28949","GHSA-75c5-f4gw-38r9"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gbz5-5frj-hber"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15838?format=json","vulnerability_id":"VCID-u4w3-usvb-jyf6","summary":"Drupal Full Path Disclosure\n`core/authorize.php` in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of `hash_salt` is `file_get_contents` of a file that does not exist.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45440","reference_id":"","reference_type":"","scores":[{"value":"0.86443","scoring_system":"epss","scoring_elements":"0.99404","published_at":"2026-04-02T12:55:00Z"},{"value":"0.86443","scoring_system":"epss","scoring_elements":"0.99405","published_at":"2026-04-04T12:55:00Z"},{"value":"0.87227","scoring_system":"epss","scoring_elements":"0.99449","published_at":"2026-04-13T12:55:00Z"},{"value":"0.87227","scoring_system":"epss","scoring_elements":"0.99448","published_at":"2026-04-11T12:55:00Z"},{"value":"0.87227","scoring_system":"epss","scoring_elements":"0.99447","published_at":"2026-04-09T12:55:00Z"},{"value":"0.87227","scoring_system":"epss","scoring_elements":"0.99445","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45440"},{"reference_url":"https://github.com/drupal/drupal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/drupal"},{"reference_url":"https://github.com/github/advisory-database/pull/4827","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/github/advisory-database/pull/4827"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45440","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45440"},{"reference_url":"https://senscybersecurity.nl/CVE-2024-45440-Explained","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://senscybersecurity.nl/CVE-2024-45440-Explained"},{"reference_url":"https://www.drupal.org/project/drupal/issues/3457781","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/"}],"url":"https://www.drupal.org/project/drupal/issues/3457781"},{"reference_url":"https://www.drupal.org/project/drupal/releases/10.2.9","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/project/drupal/releases/10.2.9"},{"reference_url":"https://www.drupal.org/project/drupal/releases/10.3.6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/project/drupal/releases/10.3.6"},{"reference_url":"https://www.drupal.org/project/drupal/releases/11.0.5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/project/drupal/releases/11.0.5"},{"reference_url":"https://www.exploit-db.com/exploits/52266","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/52266"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py","reference_id":"CVE-2024-45440","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py"},{"reference_url":"https://senscybersecurity.nl/CVE-2024-45440-Explained/","reference_id":"CVE-2024-45440-Explained","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/"}],"url":"https://senscybersecurity.nl/CVE-2024-45440-Explained/"},{"reference_url":"https://github.com/advisories/GHSA-mg8j-w93w-xjgc","reference_id":"GHSA-mg8j-w93w-xjgc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mg8j-w93w-xjgc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55114?format=json","purl":"pkg:composer/drupal/core-recommended@10.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nf6-3q5b-gqfm"},{"vulnerability":"VCID-2s8m-ujzb-skd1"},{"vulnerability":"VCID-q4qx-7s1y-q3hc"},{"vulnerability":"VCID-rdgr-yuu7-xkey"},{"vulnerability":"VCID-vevm-4sfk-f7gq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@10.2.9"},{"url":"http://public2.vulnerablecode.io/api/packages/703599?format=json","purl":"pkg:composer/drupal/core-recommended@10.3.0-beta1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@10.3.0-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/55100?format=json","purl":"pkg:composer/drupal/core-recommended@10.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nf6-3q5b-gqfm"},{"vulnerability":"VCID-2s8m-ujzb-skd1"},{"vulnerability":"VCID-q4qx-7s1y-q3hc"},{"vulnerability":"VCID-rdgr-yuu7-xkey"},{"vulnerability":"VCID-vevm-4sfk-f7gq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@10.3.6"},{"url":"http://public2.vulnerablecode.io/api/packages/703602?format=json","purl":"pkg:composer/drupal/core-recommended@11.0.0-alpha1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@11.0.0-alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/55101?format=json","purl":"pkg:composer/drupal/core-recommended@11.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nf6-3q5b-gqfm"},{"vulnerability":"VCID-2s8m-ujzb-skd1"},{"vulnerability":"VCID-q4qx-7s1y-q3hc"},{"vulnerability":"VCID-vevm-4sfk-f7gq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@11.0.5"}],"aliases":["CVE-2024-45440","GHSA-mg8j-w93w-xjgc"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u4w3-usvb-jyf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52317?format=json","vulnerability_id":"VCID-ummk-h11z-bkaj","summary":"Twig may load a template outside a configured directory when using the filesystem loader\n# Description\n\nWhen using the filesystem loader to load templates for which the name is a user input, it is possible to use the `source` or `include` statement to read arbitrary files from outside the templates directory when using a namespace like `@somewhere/../some.file` (in such a case, validation is bypassed).\n\n# Resolution\n\nWe fixed validation for such template names.\n\nEven if the 1.x branch is not maintained anymore, a new version has been released.\n\n# Credits\n\nWe would like to thank Dariusz Tytko for reporting the issue and Fabien Potencier for fixing the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39261","reference_id":"","reference_type":"","scores":[{"value":"0.09505","scoring_system":"epss","scoring_elements":"0.92827","published_at":"2026-04-08T12:55:00Z"},{"value":"0.09505","scoring_system":"epss","scoring_elements":"0.92815","published_at":"2026-04-02T12:55:00Z"},{"value":"0.09505","scoring_system":"epss","scoring_elements":"0.92835","published_at":"2026-04-13T12:55:00Z"},{"value":"0.09505","scoring_system":"epss","scoring_elements":"0.92831","published_at":"2026-04-09T12:55:00Z"},{"value":"0.09505","scoring_system":"epss","scoring_elements":"0.9282","published_at":"2026-04-04T12:55:00Z"},{"value":"0.09505","scoring_system":"epss","scoring_elements":"0.92818","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39261"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39261","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39261"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2022-39261.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2022-39261.yaml"},{"reference_url":"https://github.com/twigphp/Twig","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/twigphp/Twig"},{"reference_url":"https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/"}],"url":"https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b"},{"reference_url":"https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/"}],"url":"https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39261","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39261"},{"reference_url":"https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader"},{"reference_url":"https://www.debian.org/security/2022/dsa-5248","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/"}],"url":"https://www.debian.org/security/2022/dsa-5248"},{"reference_url":"https://www.drupal.org/sa-core-2022-016","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/"}],"url":"https://www.drupal.org/sa-core-2022-016"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020991","reference_id":"1020991","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020991"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/","reference_id":"2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/","reference_id":"AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/"},{"reference_url":"https://github.com/advisories/GHSA-52m2-vc4m-jj33","reference_id":"GHSA-52m2-vc4m-jj33","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-52m2-vc4m-jj33"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/","reference_id":"NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/","reference_id":"TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/"},{"reference_url":"https://usn.ubuntu.com/5947-1/","reference_id":"USN-5947-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5947-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/","reference_id":"WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/","reference_id":"YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/703524?format=json","purl":"pkg:composer/drupal/core-recommended@9.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nf6-3q5b-gqfm"},{"vulnerability":"VCID-2s8m-ujzb-skd1"},{"vulnerability":"VCID-q4qx-7s1y-q3hc"},{"vulnerability":"VCID-rdgr-yuu7-xkey"},{"vulnerability":"VCID-u4w3-usvb-jyf6"},{"vulnerability":"VCID-vevm-4sfk-f7gq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.3.22"},{"url":"http://public2.vulnerablecode.io/api/packages/313627?format=json","purl":"pkg:composer/drupal/core-recommended@9.4.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nf6-3q5b-gqfm"},{"vulnerability":"VCID-2s8m-ujzb-skd1"},{"vulnerability":"VCID-q4qx-7s1y-q3hc"},{"vulnerability":"VCID-rdgr-yuu7-xkey"},{"vulnerability":"VCID-u4w3-usvb-jyf6"},{"vulnerability":"VCID-vevm-4sfk-f7gq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.4.0-alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/703528?format=json","purl":"pkg:composer/drupal/core-recommended@9.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nf6-3q5b-gqfm"},{"vulnerability":"VCID-2s8m-ujzb-skd1"},{"vulnerability":"VCID-q4qx-7s1y-q3hc"},{"vulnerability":"VCID-rdgr-yuu7-xkey"},{"vulnerability":"VCID-u4w3-usvb-jyf6"},{"vulnerability":"VCID-vevm-4sfk-f7gq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.4.7"},{"url":"http://public2.vulnerablecode.io/api/packages/334122?format=json","purl":"pkg:composer/drupal/core-recommended@9.5.0-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nf6-3q5b-gqfm"},{"vulnerability":"VCID-2s8m-ujzb-skd1"},{"vulnerability":"VCID-q4qx-7s1y-q3hc"},{"vulnerability":"VCID-rdgr-yuu7-xkey"},{"vulnerability":"VCID-u4w3-usvb-jyf6"},{"vulnerability":"VCID-vevm-4sfk-f7gq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.5.0-beta1"}],"aliases":["CVE-2022-39261","GHSA-52m2-vc4m-jj33"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ummk-h11z-bkaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35557?format=json","vulnerability_id":"VCID-v9v6-ae3e-g3hk","summary":"Deserialization of Untrusted Data in Archive_Tar\nArchive_Tar through 1.4.10 allows an unserialization attack because `phar:` is blocked but `PHAR:` is not blocked. See: https://github.com/pear/Archive_Tar/issues/33","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28948.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28948.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28948","reference_id":"","reference_type":"","scores":[{"value":"0.76218","scoring_system":"epss","scoring_elements":"0.98927","published_at":"2026-04-13T12:55:00Z"},{"value":"0.76218","scoring_system":"epss","scoring_elements":"0.98926","published_at":"2026-04-12T12:55:00Z"},{"value":"0.76218","scoring_system":"epss","scoring_elements":"0.98925","published_at":"2026-04-11T12:55:00Z"},{"value":"0.76218","scoring_system":"epss","scoring_elements":"0.98917","published_at":"2026-04-02T12:55:00Z"},{"value":"0.76218","scoring_system":"epss","scoring_elements":"0.98924","published_at":"2026-04-08T12:55:00Z"},{"value":"0.76218","scoring_system":"epss","scoring_elements":"0.98922","published_at":"2026-04-07T12:55:00Z"},{"value":"0.76218","scoring_system":"epss","scoring_elements":"0.9892","published_at":"2026-04-04T12:55:00Z"},{"value":"0.76218","scoring_system":"epss","scoring_elements":"0.98923","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949"},{"reference_url":"https://github.com/pear/Archive_Tar","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pear/Archive_Tar"},{"reference_url":"https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da"},{"reference_url":"https://github.com/pear/Archive_Tar/issues/33","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pear/Archive_Tar/issues/33"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28948","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28948"},{"reference_url":"https://security.gentoo.org/glsa/202101-23","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202101-23"},{"reference_url":"https://www.debian.org/security/2020/dsa-4817","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4817"},{"reference_url":"https://www.drupal.org/sa-core-2020-013","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2020-013"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1904001","reference_id":"1904001","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1904001"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108","reference_id":"976108","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108"},{"reference_url":"https://github.com/advisories/GHSA-jh5x-hfhg-78jq","reference_id":"GHSA-jh5x-hfhg-78jq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jh5x-hfhg-78jq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6541","reference_id":"RHSA-2022:6541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6542","reference_id":"RHSA-2022:6542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7340","reference_id":"RHSA-2022:7340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7340"},{"reference_url":"https://usn.ubuntu.com/4654-1/","reference_id":"USN-4654-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4654-1/"},{"reference_url":"https://usn.ubuntu.com/6981-1/","reference_id":"USN-6981-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6981-1/"},{"reference_url":"https://usn.ubuntu.com/6981-2/","reference_id":"USN-6981-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6981-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/224786?format=json","purl":"pkg:composer/drupal/core-recommended@8.9.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nf6-3q5b-gqfm"},{"vulnerability":"VCID-2s8m-ujzb-skd1"},{"vulnerability":"VCID-kc7d-5k6x-77bp"},{"vulnerability":"VCID-q4qx-7s1y-q3hc"},{"vulnerability":"VCID-rdgr-yuu7-xkey"},{"vulnerability":"VCID-u4w3-usvb-jyf6"},{"vulnerability":"VCID-ummk-h11z-bkaj"},{"vulnerability":"VCID-vevm-4sfk-f7gq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@8.9.10"},{"url":"http://public2.vulnerablecode.io/api/packages/222363?format=json","purl":"pkg:composer/drupal/core-recommended@9.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nf6-3q5b-gqfm"},{"vulnerability":"VCID-2s8m-ujzb-skd1"},{"vulnerability":"VCID-q4qx-7s1y-q3hc"},{"vulnerability":"VCID-rdgr-yuu7-xkey"},{"vulnerability":"VCID-u4w3-usvb-jyf6"},{"vulnerability":"VCID-ummk-h11z-bkaj"},{"vulnerability":"VCID-vevm-4sfk-f7gq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.0.0-alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/224789?format=json","purl":"pkg:composer/drupal/core-recommended@9.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nf6-3q5b-gqfm"},{"vulnerability":"VCID-2s8m-ujzb-skd1"},{"vulnerability":"VCID-kc7d-5k6x-77bp"},{"vulnerability":"VCID-q4qx-7s1y-q3hc"},{"vulnerability":"VCID-rdgr-yuu7-xkey"},{"vulnerability":"VCID-u4w3-usvb-jyf6"},{"vulnerability":"VCID-ummk-h11z-bkaj"},{"vulnerability":"VCID-vevm-4sfk-f7gq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/222373?format=json","purl":"pkg:composer/drupal/core-recommended@9.1.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nf6-3q5b-gqfm"},{"vulnerability":"VCID-2s8m-ujzb-skd1"},{"vulnerability":"VCID-q4qx-7s1y-q3hc"},{"vulnerability":"VCID-rdgr-yuu7-xkey"},{"vulnerability":"VCID-u4w3-usvb-jyf6"},{"vulnerability":"VCID-ummk-h11z-bkaj"},{"vulnerability":"VCID-vevm-4sfk-f7gq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.1.0-alpha1"}],"aliases":["CVE-2020-28948","GHSA-jh5x-hfhg-78jq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9v6-ae3e-g3hk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14839?format=json","vulnerability_id":"VCID-vevm-4sfk-f7gq","summary":"Drupal core Access bypass\nDrupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-55634","reference_id":"","reference_type":"","scores":[{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74805","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74846","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74856","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74877","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74853","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74806","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74833","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74839","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-55634"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55634","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55634"},{"reference_url":"https://www.drupal.org/sa-core-2024-004","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T16:38:29Z/"}],"url":"https://www.drupal.org/sa-core-2024-004"},{"reference_url":"https://github.com/advisories/GHSA-7cwc-fjqm-8vh8","reference_id":"GHSA-7cwc-fjqm-8vh8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7cwc-fjqm-8vh8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51087?format=json","purl":"pkg:composer/drupal/core-recommended@10.2.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@10.2.11"},{"url":"http://public2.vulnerablecode.io/api/packages/51088?format=json","purl":"pkg:composer/drupal/core-recommended@10.3.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@10.3.9"},{"url":"http://public2.vulnerablecode.io/api/packages/51161?format=json","purl":"pkg:composer/drupal/core-recommended@11.0.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@11.0.8"}],"aliases":["CVE-2024-55634","GHSA-7cwc-fjqm-8vh8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vevm-4sfk-f7gq"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@8.1.3"}