{"url":"http://public2.vulnerablecode.io/api/packages/371903?format=json","purl":"pkg:alpm/archlinux/drupal@9.2.6-1","type":"alpm","namespace":"archlinux","name":"drupal","version":"9.2.6-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.2.9-1","latest_non_vulnerable_version":"9.2.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11581?format=json","vulnerability_id":"VCID-4x92-vapt-n7dz","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCKEditor4 is an open source WYSIWYG HTML editor. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at The problem has been recognized and patched.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41165","reference_id":"","reference_type":"","scores":[{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30366","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30037","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.29963","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30506","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30552","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30362","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30422","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30456","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30459","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30415","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30384","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.29942","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30012","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30003","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.29931","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30068","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30145","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.3026","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30321","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30478","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30364","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41165"},{"reference_url":"https://github.com/ckeditor/ckeditor4","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ckeditor/ckeditor4"},{"reference_url":"https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417"},{"reference_url":"https://www.drupal.org/sa-core-2021-011","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2021-011"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217","reference_id":"1015217","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909","reference_id":"999909","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909"},{"reference_url":"https://security.archlinux.org/AVG-2565","reference_id":"AVG-2565","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2565"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41165","reference_id":"CVE-2021-41165","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41165"},{"reference_url":"https://github.com/advisories/GHSA-7h26-63m7-qhf2","reference_id":"GHSA-7h26-63m7-qhf2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7h26-63m7-qhf2"},{"reference_url":"https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2","reference_id":"GHSA-7h26-63m7-qhf2","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373348?format=json","purl":"pkg:alpm/archlinux/drupal@9.2.9-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.9-1"}],"aliases":["CVE-2021-41165","GHSA-7h26-63m7-qhf2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4x92-vapt-n7dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11584?format=json","vulnerability_id":"VCID-8hvk-a5es-v3e4","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCKEditor4 is an open source WYSIWYG HTML editor. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41164","reference_id":"","reference_type":"","scores":[{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22783","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22754","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22677","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22661","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22693","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22613","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22531","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22635","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2264","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22647","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22811","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22851","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22857","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22843","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.229","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22936","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22916","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22863","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22789","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22997","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22953","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41164"},{"reference_url":"https://github.com/ckeditor/ckeditor4","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ckeditor/ckeditor4"},{"reference_url":"https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/"},{"reference_url":"https://www.drupal.org/sa-core-2021-011","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2021-011"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909","reference_id":"999909","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909"},{"reference_url":"https://security.archlinux.org/AVG-2565","reference_id":"AVG-2565","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2565"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41164","reference_id":"CVE-2021-41164","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41164"},{"reference_url":"https://github.com/advisories/GHSA-pvmx-g8h5-cprj","reference_id":"GHSA-pvmx-g8h5-cprj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pvmx-g8h5-cprj"},{"reference_url":"https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj","reference_id":"GHSA-pvmx-g8h5-cprj","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373348?format=json","purl":"pkg:alpm/archlinux/drupal@9.2.9-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.9-1"}],"aliases":["CVE-2021-41164","GHSA-pvmx-g8h5-cprj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8hvk-a5es-v3e4"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12888?format=json","vulnerability_id":"VCID-77zc-1gc8-r7b7","summary":"Unrestricted Upload of File with Dangerous Type\nDrupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13675","reference_id":"","reference_type":"","scores":[{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74159","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74036","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74068","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74077","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74069","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74095","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74117","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74079","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74102","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73948","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73955","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73981","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73951","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73986","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73999","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74021","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74003","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73996","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74035","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74044","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13675"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://www.drupal.org/sa-core-2021-008","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2021-008"},{"reference_url":"https://security.archlinux.org/AVG-2407","reference_id":"AVG-2407","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2407"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13675","reference_id":"CVE-2020-13675","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13675"},{"reference_url":"https://github.com/advisories/GHSA-v8wr-r69p-mmwx","reference_id":"GHSA-v8wr-r69p-mmwx","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v8wr-r69p-mmwx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371903?format=json","purl":"pkg:alpm/archlinux/drupal@9.2.6-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x92-vapt-n7dz"},{"vulnerability":"VCID-8hvk-a5es-v3e4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.6-1"}],"aliases":["CVE-2020-13675","GHSA-v8wr-r69p-mmwx"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-77zc-1gc8-r7b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12886?format=json","vulnerability_id":"VCID-bkxp-gn34-67av","summary":"Cross-Site Request Forgery (CSRF)\nThe QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the \"access in-place editing\" permission from untrusted users will not fully mitigate the vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13674","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33716","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34273","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34231","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34208","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34242","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34229","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34195","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33823","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33801","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33714","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33596","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33665","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33707","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33618","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.3364","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33968","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34307","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34336","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.342","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34243","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34272","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13674"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6"},{"reference_url":"https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c"},{"reference_url":"https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8"},{"reference_url":"https://www.drupal.org/sa-core-2021-007","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2021-007"},{"reference_url":"https://security.archlinux.org/AVG-2407","reference_id":"AVG-2407","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2407"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13674","reference_id":"CVE-2020-13674","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13674"},{"reference_url":"https://github.com/advisories/GHSA-j586-cj67-vg4p","reference_id":"GHSA-j586-cj67-vg4p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j586-cj67-vg4p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371903?format=json","purl":"pkg:alpm/archlinux/drupal@9.2.6-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x92-vapt-n7dz"},{"vulnerability":"VCID-8hvk-a5es-v3e4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.6-1"}],"aliases":["CVE-2020-13674","GHSA-j586-cj67-vg4p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bkxp-gn34-67av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12876?format=json","vulnerability_id":"VCID-fwbj-ctxz-2bc6","summary":"Incorrect Authorization\nThe QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13676","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51904","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.5187","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51854","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51897","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51903","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51884","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51833","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51795","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51743","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51799","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51824","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51748","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51797","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51823","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51784","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51839","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51837","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51888","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13676"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/drupal/core/commit/8e8e3d2ddd72471ba886346ecabfb5d98fd27d9b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/8e8e3d2ddd72471ba886346ecabfb5d98fd27d9b"},{"reference_url":"https://www.drupal.org/sa-core-2021-009","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2021-009"},{"reference_url":"https://security.archlinux.org/AVG-2407","reference_id":"AVG-2407","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2407"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13676","reference_id":"CVE-2020-13676","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13676"},{"reference_url":"https://github.com/advisories/GHSA-qfhg-m6r8-xxpj","reference_id":"GHSA-qfhg-m6r8-xxpj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qfhg-m6r8-xxpj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371903?format=json","purl":"pkg:alpm/archlinux/drupal@9.2.6-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x92-vapt-n7dz"},{"vulnerability":"VCID-8hvk-a5es-v3e4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.6-1"}],"aliases":["CVE-2020-13676","GHSA-qfhg-m6r8-xxpj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fwbj-ctxz-2bc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/216559?format=json","vulnerability_id":"VCID-rbbv-82ff-mbcj","summary":"The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this could lead to cross-site scripting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13673","reference_id":"","reference_type":"","scores":[{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34903","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35231","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35432","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35457","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35341","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35387","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35412","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35413","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35377","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35355","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35394","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35382","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.3533","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35095","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35074","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34985","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34863","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34936","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34973","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34876","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13673"},{"reference_url":"https://security.archlinux.org/AVG-2407","reference_id":"AVG-2407","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2407"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371903?format=json","purl":"pkg:alpm/archlinux/drupal@9.2.6-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x92-vapt-n7dz"},{"vulnerability":"VCID-8hvk-a5es-v3e4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.6-1"}],"aliases":["CVE-2020-13673"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rbbv-82ff-mbcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12883?format=json","vulnerability_id":"VCID-w6cz-mg4v-3udj","summary":"Drupal core access bypass vulnerability\nUnder some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13677","reference_id":"","reference_type":"","scores":[{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41647","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41938","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41912","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4184","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41768","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41689","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41548","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41618","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41634","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41544","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41571","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41832","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41898","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41926","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41853","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41903","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41913","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41937","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41902","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41888","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13677"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/drupal/core/commit/7a9bef4b4750d79ab42498e459012cabe4c4bd8b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/7a9bef4b4750d79ab42498e459012cabe4c4bd8b"},{"reference_url":"https://www.drupal.org/sa-core-2021-010","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2021-010"},{"reference_url":"https://security.archlinux.org/AVG-2407","reference_id":"AVG-2407","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2407"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13677","reference_id":"CVE-2020-13677","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13677"},{"reference_url":"https://github.com/advisories/GHSA-3xr3-phjp-g6p2","reference_id":"GHSA-3xr3-phjp-g6p2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3xr3-phjp-g6p2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371903?format=json","purl":"pkg:alpm/archlinux/drupal@9.2.6-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x92-vapt-n7dz"},{"vulnerability":"VCID-8hvk-a5es-v3e4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.6-1"}],"aliases":["CVE-2020-13677","GHSA-3xr3-phjp-g6p2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w6cz-mg4v-3udj"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.6-1"}