Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/386331?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/386331?format=api", "purl": "pkg:composer/drupal/drupal@8.3.9", "type": "composer", "namespace": "drupal", "name": "drupal", "version": "8.3.9", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "10.2.11", "latest_non_vulnerable_version": "11.0.8", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211814?format=api", "vulnerability_id": "VCID-1hfc-zbn8-5khn", "summary": "Drupal core uses a vulnerable Third-party library CKEditor", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2020-03-18.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2020-03-18.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2020-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2020-001" }, { "reference_url": "https://github.com/advisories/GHSA-337w-fxpq-5m34", "reference_id": "GHSA-337w-fxpq-5m34", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-337w-fxpq-5m34" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31253?format=api", "purl": "pkg:composer/drupal/drupal@8.7.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-jp51-ftxv-4ud9" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-kufg-z717-b7hm" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/31252?format=api", "purl": "pkg:composer/drupal/drupal@8.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-6j4t-zjnf-fbd3" }, { "vulnerability": "VCID-7r9b-pzqb-cqea" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-jp51-ftxv-4ud9" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-kufg-z717-b7hm" }, { "vulnerability": "VCID-muhk-wbuy-97bu" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.4" } ], "aliases": [ "GHSA-337w-fxpq-5m34" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1hfc-zbn8-5khn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/362295?format=api", "vulnerability_id": "VCID-1njn-2hyh-hyhn", "summary": "Cross-site Scripting\nXSS vulnerabiltiy in drupal.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2018-003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-003" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/386384?format=api", "purl": "pkg:composer/drupal/drupal@8.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-1up8-x9s6-vbd5" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-4z8y-2e7d-7qhb" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-bxdv-fxzq-sbdz" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ejwp-ehyk-r3cf" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hyd9-kcsg-5kgb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-krjp-u36k-17fs" }, { "vulnerability": "VCID-krqe-tg7a-yuex" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nbzz-f1n8-mbdw" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-t33g-z4ps-ykcy" }, { "vulnerability": "VCID-txdd-bamb-ckcy" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-ytts-zj5y-2kdc" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/421909?format=api", "purl": "pkg:composer/drupal/drupal@8.5.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-1up8-x9s6-vbd5" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-4z8y-2e7d-7qhb" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-bxdv-fxzq-sbdz" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ejwp-ehyk-r3cf" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hyd9-kcsg-5kgb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-krqe-tg7a-yuex" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nbzz-f1n8-mbdw" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qec2-bj92-pue9" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-t33g-z4ps-ykcy" }, { "vulnerability": "VCID-txdd-bamb-ckcy" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-ytts-zj5y-2kdc" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/386385?format=api", "purl": "pkg:composer/drupal/drupal@8.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-1up8-x9s6-vbd5" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-4z8y-2e7d-7qhb" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-bxdv-fxzq-sbdz" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ejwp-ehyk-r3cf" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hyd9-kcsg-5kgb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-krjp-u36k-17fs" }, { "vulnerability": "VCID-krqe-tg7a-yuex" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nbzz-f1n8-mbdw" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-t33g-z4ps-ykcy" }, { "vulnerability": "VCID-txdd-bamb-ckcy" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-ytts-zj5y-2kdc" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.2" } ], "aliases": [ "GMS-2018-57" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1njn-2hyh-hyhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211806?format=api", "vulnerability_id": "VCID-1up8-x9s6-vbd5", "summary": "Drupal Anonymous Open Redirect", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-3.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-3.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-006" }, { "reference_url": "https://github.com/advisories/GHSA-x6v2-xmrq-574j", "reference_id": "GHSA-x6v2-xmrq-574j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x6v2-xmrq-574j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31247?format=api", "purl": "pkg:composer/drupal/drupal@8.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-bxdv-fxzq-sbdz" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ejwp-ehyk-r3cf" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hyd9-kcsg-5kgb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-txdd-bamb-ckcy" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-ytts-zj5y-2kdc" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/31248?format=api", "purl": "pkg:composer/drupal/drupal@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2" } ], "aliases": [ "GHSA-x6v2-xmrq-574j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1up8-x9s6-vbd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211812?format=api", "vulnerability_id": "VCID-26az-uqef-w7aq", "summary": "Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-4.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-4.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2019-012", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-012" }, { "reference_url": "https://github.com/advisories/GHSA-m9fv-whq2-6wmc", "reference_id": "GHSA-m9fv-whq2-6wmc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m9fv-whq2-6wmc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31249?format=api", "purl": "pkg:composer/drupal/drupal@8.7.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hfsr-jhw7-b3ap" }, { "vulnerability": "VCID-jp51-ftxv-4ud9" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-kufg-z717-b7hm" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/31250?format=api", "purl": "pkg:composer/drupal/drupal@8.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-6j4t-zjnf-fbd3" }, { "vulnerability": "VCID-7r9b-pzqb-cqea" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hfsr-jhw7-b3ap" }, { "vulnerability": "VCID-jp51-ftxv-4ud9" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-kufg-z717-b7hm" }, { "vulnerability": "VCID-muhk-wbuy-97bu" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1" } ], "aliases": [ "GHSA-m9fv-whq2-6wmc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-26az-uqef-w7aq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59568?format=api", "vulnerability_id": "VCID-26ck-rher-hfg4", "summary": "A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55634", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01148", "scoring_system": "epss", "scoring_elements": "0.78971", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01148", "scoring_system": "epss", "scoring_elements": "0.78888", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01148", "scoring_system": "epss", "scoring_elements": "0.78954", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55634" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55634", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55634" }, { "reference_url": "https://github.com/advisories/GHSA-7cwc-fjqm-8vh8", "reference_id": "GHSA-7cwc-fjqm-8vh8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7cwc-fjqm-8vh8" }, { "reference_url": "https://www.drupal.org/sa-core-2024-004", "reference_id": "sa-core-2024-004", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T16:38:29Z/" } ], "url": "https://www.drupal.org/sa-core-2024-004" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372343?format=api", "purl": "pkg:composer/drupal/drupal@10.2.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/372344?format=api", "purl": "pkg:composer/drupal/drupal@10.3.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/372350?format=api", "purl": "pkg:composer/drupal/drupal@11.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@11.0.8" } ], "aliases": [ "CVE-2024-55634", "GHSA-7cwc-fjqm-8vh8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-26ck-rher-hfg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208145?format=api", "vulnerability_id": "VCID-2wdn-8583-v3dg", "summary": "Exposure of Resource to Wrong Sphere in Drupal Core", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13670", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62873", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62771", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62885", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13670" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/f93a37b713b59f8d24e826bc74378099853eef3d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/f93a37b713b59f8d24e826bc74378099853eef3d" }, { "reference_url": "https://www.drupal.org/sa-core-2020-011", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2020-011" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13670", "reference_id": "CVE-2020-13670", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13670" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13670.yaml", "reference_id": "CVE-2020-13670.YAML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13670.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13670.yaml", "reference_id": "CVE-2020-13670.YAML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13670.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-mmjr-5q74-p3m4", "reference_id": "GHSA-mmjr-5q74-p3m4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mmjr-5q74-p3m4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19344?format=api", "purl": "pkg:composer/drupal/drupal@8.8.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7r9b-pzqb-cqea" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-muhk-wbuy-97bu" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/19350?format=api", "purl": "pkg:composer/drupal/drupal@8.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7r9b-pzqb-cqea" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-muhk-wbuy-97bu" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-sqp3-huku-rqcc" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/19346?format=api", "purl": "pkg:composer/drupal/drupal@9.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7r9b-pzqb-cqea" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-muhk-wbuy-97bu" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-sqp3-huku-rqcc" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.6" } ], "aliases": [ "CVE-2020-13670", "GHSA-mmjr-5q74-p3m4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2wdn-8583-v3dg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211811?format=api", "vulnerability_id": "VCID-4u3b-stye-77ah", "summary": "Drupal core Access control bypass", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-3.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-3.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2019-011", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-011" }, { "reference_url": "https://github.com/advisories/GHSA-5x28-3f32-x523", "reference_id": "GHSA-5x28-3f32-x523", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5x28-3f32-x523" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31249?format=api", "purl": "pkg:composer/drupal/drupal@8.7.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hfsr-jhw7-b3ap" }, { "vulnerability": "VCID-jp51-ftxv-4ud9" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-kufg-z717-b7hm" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/31250?format=api", "purl": "pkg:composer/drupal/drupal@8.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-6j4t-zjnf-fbd3" }, { "vulnerability": "VCID-7r9b-pzqb-cqea" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hfsr-jhw7-b3ap" }, { "vulnerability": "VCID-jp51-ftxv-4ud9" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-kufg-z717-b7hm" }, { "vulnerability": "VCID-muhk-wbuy-97bu" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1" } ], "aliases": [ "GHSA-5x28-3f32-x523" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4u3b-stye-77ah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211809?format=api", "vulnerability_id": "VCID-4z8y-2e7d-7qhb", "summary": "Drupal core Remote Code Execution", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-4.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-4.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-006" }, { "reference_url": "https://github.com/advisories/GHSA-jf8c-36vw-98x4", "reference_id": "GHSA-jf8c-36vw-98x4", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jf8c-36vw-98x4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31247?format=api", "purl": "pkg:composer/drupal/drupal@8.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-bxdv-fxzq-sbdz" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ejwp-ehyk-r3cf" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hyd9-kcsg-5kgb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-txdd-bamb-ckcy" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-ytts-zj5y-2kdc" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/31248?format=api", "purl": "pkg:composer/drupal/drupal@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2" } ], "aliases": [ "GHSA-jf8c-36vw-98x4" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4z8y-2e7d-7qhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/153611?format=api", "vulnerability_id": "VCID-57nk-7ugd-vucf", "summary": "Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13671", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02599", "scoring_system": "epss", "scoring_elements": "0.85938", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02599", "scoring_system": "epss", "scoring_elements": "0.85997", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02599", "scoring_system": "epss", "scoring_elements": "0.85987", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13671" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13671", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13671" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/", "reference_id": "5KSFM672XW3X6BR7TVKRD63SLZGKK437", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/" }, { "reference_url": "https://github.com/advisories/GHSA-68jc-v27h-vhmw", "reference_id": "GHSA-68jc-v27h-vhmw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-68jc-v27h-vhmw" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/", "reference_id": "KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/" }, { "reference_url": "https://www.drupal.org/sa-core-2020-012", "reference_id": "sa-core-2020-012", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/" } ], "url": "https://www.drupal.org/sa-core-2020-012" }, { "reference_url": "https://usn.ubuntu.com/6981-1/", "reference_id": "USN-6981-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6981-1/" }, { "reference_url": "https://usn.ubuntu.com/6981-2/", "reference_id": "USN-6981-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6981-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382206?format=api", "purl": "pkg:composer/drupal/drupal@8.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7r9b-pzqb-cqea" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-muhk-wbuy-97bu" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/382207?format=api", "purl": "pkg:composer/drupal/drupal@8.9.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7r9b-pzqb-cqea" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-muhk-wbuy-97bu" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-sqp3-huku-rqcc" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/382208?format=api", "purl": "pkg:composer/drupal/drupal@9.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7r9b-pzqb-cqea" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-muhk-wbuy-97bu" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-sqp3-huku-rqcc" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.8" } ], "aliases": [ "CVE-2020-13671", "GHSA-68jc-v27h-vhmw" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57nk-7ugd-vucf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40418?format=api", "vulnerability_id": "VCID-7sar-42a4-kqdy", "summary": "core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45440", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86689", "scoring_system": "epss", "scoring_elements": "0.99442", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.86689", "scoring_system": "epss", "scoring_elements": "0.99445", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.86689", "scoring_system": "epss", "scoring_elements": "0.99444", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45440" }, { "reference_url": "https://github.com/github/advisory-database/pull/4827", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/pull/4827" }, { "reference_url": "https://www.drupal.org/project/drupal/releases/10.2.9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/project/drupal/releases/10.2.9" }, { "reference_url": "https://www.drupal.org/project/drupal/releases/10.3.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/project/drupal/releases/10.3.6" }, { "reference_url": "https://www.drupal.org/project/drupal/releases/11.0.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/project/drupal/releases/11.0.5" }, { "reference_url": "https://www.exploit-db.com/exploits/52266", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/52266" }, { "reference_url": "https://www.drupal.org/project/drupal/issues/3457781", "reference_id": "3457781", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/" } ], "url": "https://www.drupal.org/project/drupal/issues/3457781" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py", "reference_id": "CVE-2024-45440", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45440", "reference_id": "CVE-2024-45440", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45440" }, { "reference_url": "https://senscybersecurity.nl/CVE-2024-45440-Explained/", "reference_id": "CVE-2024-45440-Explained", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/" } ], "url": "https://senscybersecurity.nl/CVE-2024-45440-Explained/" }, { "reference_url": "https://senscybersecurity.nl/CVE-2024-45440-Explained", "reference_id": "CVE-2024-45440-EXPLAINED", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://senscybersecurity.nl/CVE-2024-45440-Explained" }, { "reference_url": "https://github.com/advisories/GHSA-mg8j-w93w-xjgc", "reference_id": "GHSA-mg8j-w93w-xjgc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mg8j-w93w-xjgc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33152?format=api", "purl": "pkg:composer/drupal/drupal@10.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/736819?format=api", "purl": "pkg:composer/drupal/drupal@10.3.0-beta1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.3.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33154?format=api", "purl": "pkg:composer/drupal/drupal@10.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/736822?format=api", "purl": "pkg:composer/drupal/drupal@11.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@11.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33149?format=api", "purl": "pkg:composer/drupal/drupal@11.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-ggb3-jgrj-hken" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@11.0.5" } ], "aliases": [ "CVE-2024-45440", "GHSA-mg8j-w93w-xjgc" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7sar-42a4-kqdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/177343?format=api", "vulnerability_id": "VCID-bha5-1s4u-3bg6", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11831", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.28615", "scoring_system": "epss", "scoring_elements": "0.96644", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.28615", "scoring_system": "epss", "scoring_elements": "0.96656", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.28615", "scoring_system": "epss", "scoring_elements": "0.96655", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11831" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-11831.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-11831.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-11831.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-11831.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/phar-stream-wrapper/CVE-2019-11831.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/phar-stream-wrapper/CVE-2019-11831.yaml" }, { "reference_url": "https://github.com/TYPO3/phar-stream-wrapper", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/phar-stream-wrapper" }, { "reference_url": "https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1" }, { "reference_url": "https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11831", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11831" }, { "reference_url": "https://seclists.org/bugtraq/2019/May/36", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/May/36" }, { "reference_url": "https://typo3.org/security/advisory/typo3-psa-2019-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-psa-2019-007" }, { "reference_url": "https://typo3.org/security/advisory/typo3-psa-2019-007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-psa-2019-007/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4445", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4445" }, { "reference_url": "https://www.drupal.org/sa-core-2019-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-007" }, { "reference_url": "https://www.drupal.org/SA-CORE-2019-007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2019-007" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_22", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_22" }, { "reference_url": "http://www.securityfocus.com/bid/108302", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/108302" }, { "reference_url": "https://github.com/advisories/GHSA-xv7v-rf6g-xwrc", "reference_id": "GHSA-xv7v-rf6g-xwrc", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xv7v-rf6g-xwrc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382595?format=api", "purl": "pkg:composer/drupal/drupal@8.6.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/382596?format=api", "purl": "pkg:composer/drupal/drupal@8.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hfsr-jhw7-b3ap" }, { "vulnerability": "VCID-jp51-ftxv-4ud9" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-kufg-z717-b7hm" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.1" } ], "aliases": [ "CVE-2019-11831", "GHSA-xv7v-rf6g-xwrc" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bha5-1s4u-3bg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/362316?format=api", "vulnerability_id": "VCID-bxdv-fxzq-sbdz", "summary": "Code Injection\nInjection in `DefaultMailSystem::mail()`.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31248?format=api", "purl": "pkg:composer/drupal/drupal@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2" } ], "aliases": [ "GMS-2018-61" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bxdv-fxzq-sbdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211810?format=api", "vulnerability_id": "VCID-cs4j-rhc4-xbhd", "summary": "Drupal core Denial of Service", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-1.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2019-009", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-009" }, { "reference_url": "https://github.com/advisories/GHSA-w333-5f96-mjrr", "reference_id": "GHSA-w333-5f96-mjrr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w333-5f96-mjrr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31249?format=api", "purl": "pkg:composer/drupal/drupal@8.7.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hfsr-jhw7-b3ap" }, { "vulnerability": "VCID-jp51-ftxv-4ud9" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-kufg-z717-b7hm" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/31250?format=api", "purl": "pkg:composer/drupal/drupal@8.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-6j4t-zjnf-fbd3" }, { "vulnerability": "VCID-7r9b-pzqb-cqea" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hfsr-jhw7-b3ap" }, { "vulnerability": "VCID-jp51-ftxv-4ud9" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-kufg-z717-b7hm" }, { "vulnerability": "VCID-muhk-wbuy-97bu" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1" } ], "aliases": [ "GHSA-w333-5f96-mjrr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cs4j-rhc4-xbhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/173496?format=api", "vulnerability_id": "VCID-ed3c-h2ww-j3gm", "summary": "guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76567", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76651", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76636", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775" }, { "reference_url": "https://github.com/guzzle/psr7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guzzle/psr7" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236", "reference_id": "1008236", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236" }, { "reference_url": "https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc", "reference_id": "9a96d9db668b485361ed9de7b5bf1e54895df1dc", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/" } ], "url": "https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24775", "reference_id": "CVE-2022-24775", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24775" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml", "reference_id": "CVE-2022-24775.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml" }, { "reference_url": "https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1", "reference_id": "e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/" } ], "url": "https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1" }, { "reference_url": "https://github.com/advisories/GHSA-q7rv-6hp3-vh96", "reference_id": "GHSA-q7rv-6hp3-vh96", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q7rv-6hp3-vh96" }, { "reference_url": "https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96", "reference_id": "GHSA-q7rv-6hp3-vh96", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/" } ], "url": "https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96" }, { "reference_url": "https://www.drupal.org/sa-core-2022-006", "reference_id": "sa-core-2022-006", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/" } ], "url": "https://www.drupal.org/sa-core-2022-006" }, { "reference_url": "https://usn.ubuntu.com/6670-1/", "reference_id": "USN-6670-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6670-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/392285?format=api", "purl": "pkg:composer/drupal/drupal@9.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-91kw-xn5d-pbbe" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.2.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/546039?format=api", "purl": "pkg:composer/drupal/drupal@9.3.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/392286?format=api", "purl": "pkg:composer/drupal/drupal@9.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-91kw-xn5d-pbbe" }, { "vulnerability": "VCID-cdm9-t56e-83aj" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/546042?format=api", "purl": "pkg:composer/drupal/drupal@10.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.0.0-alpha1" } ], "aliases": [ "CVE-2022-24775", "GHSA-q7rv-6hp3-vh96" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ed3c-h2ww-j3gm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/362315?format=api", "vulnerability_id": "VCID-ejwp-ehyk-r3cf", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nExternal URL injection through URL aliases in drupal.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31248?format=api", "purl": "pkg:composer/drupal/drupal@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2" } ], "aliases": [ "GMS-2018-59" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ejwp-ehyk-r3cf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179359?format=api", "vulnerability_id": "VCID-ftd8-be73-5bc3", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6339", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.76091", "scoring_system": "epss", "scoring_elements": "0.98945", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.76091", "scoring_system": "epss", "scoring_elements": "0.98942", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.76091", "scoring_system": "epss", "scoring_elements": "0.98947", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6339" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00004.html" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4370", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4370" }, { "reference_url": "https://www.drupal.org/sa-core-2019-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-002" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6339", "reference_id": "CVE-2019-6339", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6339" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6339.yaml", "reference_id": "CVE-2019-6339.YAML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6339.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6339.yaml", "reference_id": "CVE-2019-6339.YAML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6339.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-8cw5-rv98-5c46", "reference_id": "GHSA-8cw5-rv98-5c46", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8cw5-rv98-5c46" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15865?format=api", "purl": "pkg:composer/drupal/drupal@8.5.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/15864?format=api", "purl": "pkg:composer/drupal/drupal@8.6.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.6" } ], "aliases": [ "CVE-2019-6339", "GHSA-8cw5-rv98-5c46" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ftd8-be73-5bc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163547?format=api", "vulnerability_id": "VCID-hdq9-fe9e-93hb", "summary": "In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the \"private\" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25275", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00579", "scoring_system": "epss", "scoring_elements": "0.69437", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00579", "scoring_system": "epss", "scoring_elements": "0.6945", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00579", "scoring_system": "epss", "scoring_elements": "0.69346", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25275" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf" }, { "reference_url": "https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25275", "reference_id": "CVE-2022-25275", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25275" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml", "reference_id": "CVE-2022-25275.YAML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-xh3v-6f9j-wxw3", "reference_id": "GHSA-xh3v-6f9j-wxw3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xh3v-6f9j-wxw3" }, { "reference_url": "https://www.drupal.org/sa-core-2022-012", "reference_id": "sa-core-2022-012", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:45:46Z/" } ], "url": "https://www.drupal.org/sa-core-2022-012" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/393432?format=api", "purl": "pkg:composer/drupal/drupal@9.3.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/393433?format=api", "purl": "pkg:composer/drupal/drupal@9.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7669-dguj-2qfd" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.4.3" } ], "aliases": [ "CVE-2022-25275", "GHSA-xh3v-6f9j-wxw3", "GMS-2022-3362" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hdq9-fe9e-93hb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/362323?format=api", "vulnerability_id": "VCID-hyd9-kcsg-5kgb", "summary": "Improper Access Control in drupal.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31248?format=api", "purl": "pkg:composer/drupal/drupal@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2" } ], "aliases": [ "GMS-2018-58" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hyd9-kcsg-5kgb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/161730?format=api", "vulnerability_id": "VCID-kepa-chya-sfdb", "summary": "Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.9441", "scoring_system": "epss", "scoring_elements": "0.99979", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6340" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6340", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6340" }, { "reference_url": "https://www.exploit-db.com/exploits/46452", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46452" }, { "reference_url": "https://www.exploit-db.com/exploits/46459", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46459" }, { "reference_url": "https://www.exploit-db.com/exploits/46510", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46510" }, { "reference_url": "http://www.securityfocus.com/bid/107106", "reference_id": "107106", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "http://www.securityfocus.com/bid/107106" }, { "reference_url": "https://www.exploit-db.com/exploits/46452/", "reference_id": "46452", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "https://www.exploit-db.com/exploits/46452/" }, { "reference_url": "https://www.exploit-db.com/exploits/46459/", "reference_id": "46459", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "https://www.exploit-db.com/exploits/46459/" }, { "reference_url": "https://www.exploit-db.com/exploits/46510/", "reference_id": "46510", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "https://www.exploit-db.com/exploits/46510/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46510.rb", "reference_id": "CVE-2019-6340", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46510.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46452.txt", "reference_id": "CVE-2019-6340", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46452.txt" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46459.py", "reference_id": "CVE-2019-6340", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46459.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6340", "reference_id": "CVE-2019-6340", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6340" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/6ff18828c0273b7170469939a49e4b063d561799/modules/exploits/unix/webapp/drupal_restws_unserialize.rb", "reference_id": "CVE-2019-6340", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/6ff18828c0273b7170469939a49e4b063d561799/modules/exploits/unix/webapp/drupal_restws_unserialize.rb" }, { "reference_url": "https://www.ambionics.io/blog/drupal8-rce", "reference_id": "CVE-2019-6340", "reference_type": "exploit", "scores": [], "url": "https://www.ambionics.io/blog/drupal8-rce" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6340.yaml", "reference_id": "CVE-2019-6340.YAML", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6340.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6340.yaml", "reference_id": "CVE-2019-6340.YAML", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6340.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3gx6-h57h-rm27", "reference_id": "GHSA-3gx6-h57h-rm27", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3gx6-h57h-rm27" }, { "reference_url": "https://www.drupal.org/sa-core-2019-003", "reference_id": "sa-core-2019-003", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "https://www.drupal.org/sa-core-2019-003" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_09", "reference_id": "Synology_SA_19_09", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21730?format=api", "purl": "pkg:composer/drupal/drupal@8.5.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/21731?format=api", "purl": "pkg:composer/drupal/drupal@8.6.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.10" } ], "aliases": [ "CVE-2019-6340", "GHSA-3gx6-h57h-rm27" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kepa-chya-sfdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/159572?format=api", "vulnerability_id": "VCID-krjp-u36k-17fs", "summary": "A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7602", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94382", "scoring_system": "epss", "scoring_elements": "0.99971", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7602" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7602", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7602" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7602", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7602" }, { "reference_url": "https://www.exploit-db.com/exploits/44542", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/44542" }, { "reference_url": "https://www.exploit-db.com/exploits/44557", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/44557" }, { "reference_url": "http://www.securityfocus.com/bid/103985", "reference_id": "103985", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/" } ], "url": "http://www.securityfocus.com/bid/103985" }, { "reference_url": "http://www.securitytracker.com/id/1040754", "reference_id": "1040754", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/" } ], "url": "http://www.securitytracker.com/id/1040754" }, { "reference_url": "https://www.exploit-db.com/exploits/44542/", "reference_id": "44542", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/" } ], "url": "https://www.exploit-db.com/exploits/44542/" }, { "reference_url": "https://www.exploit-db.com/exploits/44557/", "reference_id": "44557", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/" } ], "url": "https://www.exploit-db.com/exploits/44557/" }, { "reference_url": "https://security.archlinux.org/ASA-201804-10", "reference_id": "ASA-201804-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-10" }, { "reference_url": "https://security.archlinux.org/AVG-679", "reference_id": "AVG-679", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-679" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44557.rb", "reference_id": "CVE-2018-7602", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44557.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7602", "reference_id": "CVE-2018-7602", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7602" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44542.txt", "reference_id": "CVE-2018-7602;SA-CORE-2018-004", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44542.txt" }, { "reference_url": "https://pastebin.com/pRM8nmwj", "reference_id": "CVE-2018-7602;SA-CORE-2018-004", "reference_type": "exploit", "scores": [], "url": "https://pastebin.com/pRM8nmwj" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7602.yaml", "reference_id": "CVE-2018-7602.YAML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7602.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7602.yaml", "reference_id": "CVE-2018-7602.YAML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7602.yaml" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4180", "reference_id": "dsa-4180", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/" } ], "url": "https://www.debian.org/security/2018/dsa-4180" }, { "reference_url": "https://github.com/advisories/GHSA-297x-j9pm-xjgg", "reference_id": "GHSA-297x-j9pm-xjgg", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-297x-j9pm-xjgg" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html", "reference_id": "msg00030.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html" }, { "reference_url": "https://www.drupal.org/sa-core-2018-004", "reference_id": "sa-core-2018-004", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/" } ], "url": "https://www.drupal.org/sa-core-2018-004" }, { "reference_url": "https://usn.ubuntu.com/USN-4773-1/", "reference_id": "USN-USN-4773-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4773-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30734?format=api", "purl": "pkg:composer/drupal/drupal@8.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-1up8-x9s6-vbd5" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-4z8y-2e7d-7qhb" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-bxdv-fxzq-sbdz" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ejwp-ehyk-r3cf" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hyd9-kcsg-5kgb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-krqe-tg7a-yuex" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nbzz-f1n8-mbdw" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-t33g-z4ps-ykcy" }, { "vulnerability": "VCID-txdd-bamb-ckcy" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-ytts-zj5y-2kdc" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/30736?format=api", "purl": "pkg:composer/drupal/drupal@8.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-1up8-x9s6-vbd5" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-4z8y-2e7d-7qhb" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-bxdv-fxzq-sbdz" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ejwp-ehyk-r3cf" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hyd9-kcsg-5kgb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-krqe-tg7a-yuex" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nbzz-f1n8-mbdw" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-t33g-z4ps-ykcy" }, { "vulnerability": "VCID-txdd-bamb-ckcy" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-ytts-zj5y-2kdc" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.3" } ], "aliases": [ "CVE-2018-7602", "GHSA-297x-j9pm-xjgg" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-krjp-u36k-17fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211808?format=api", "vulnerability_id": "VCID-krqe-tg7a-yuex", "summary": "Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-5.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-5.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-006" }, { "reference_url": "https://github.com/advisories/GHSA-jjx7-8462-w4m4", "reference_id": "GHSA-jjx7-8462-w4m4", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jjx7-8462-w4m4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31247?format=api", "purl": "pkg:composer/drupal/drupal@8.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-bxdv-fxzq-sbdz" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ejwp-ehyk-r3cf" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hyd9-kcsg-5kgb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-txdd-bamb-ckcy" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-ytts-zj5y-2kdc" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/31248?format=api", "purl": "pkg:composer/drupal/drupal@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2" } ], "aliases": [ "GHSA-jjx7-8462-w4m4" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-krqe-tg7a-yuex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208142?format=api", "vulnerability_id": "VCID-kryq-8j5g-d7a6", "summary": "Cross-site Scripting in Drupal Core", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13668", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.45174", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.45025", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.45186", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13668" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8" }, { "reference_url": "https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb" }, { "reference_url": "https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2" }, { "reference_url": "https://www.drupal.org/sa-core-2020-009", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2020-009" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13668", "reference_id": "CVE-2020-13668", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13668" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml", "reference_id": "CVE-2020-13668.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml", "reference_id": "CVE-2020-13668.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-m6q5-wv4x-fv6h", "reference_id": "GHSA-m6q5-wv4x-fv6h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6q5-wv4x-fv6h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19344?format=api", "purl": "pkg:composer/drupal/drupal@8.8.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7r9b-pzqb-cqea" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-muhk-wbuy-97bu" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/19350?format=api", "purl": "pkg:composer/drupal/drupal@8.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7r9b-pzqb-cqea" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-muhk-wbuy-97bu" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-sqp3-huku-rqcc" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/19346?format=api", "purl": "pkg:composer/drupal/drupal@9.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7r9b-pzqb-cqea" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-muhk-wbuy-97bu" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-sqp3-huku-rqcc" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.6" } ], "aliases": [ "CVE-2020-13668", "GHSA-m6q5-wv4x-fv6h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kryq-8j5g-d7a6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211804?format=api", "vulnerability_id": "VCID-nbzz-f1n8-mbdw", "summary": "Drupal External URL injection through URL aliases leading to Open Redirect", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-2.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-2.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-006" }, { "reference_url": "https://github.com/advisories/GHSA-r67r-42wx-c8r7", "reference_id": "GHSA-r67r-42wx-c8r7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r67r-42wx-c8r7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31247?format=api", "purl": "pkg:composer/drupal/drupal@8.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-bxdv-fxzq-sbdz" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ejwp-ehyk-r3cf" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hyd9-kcsg-5kgb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-txdd-bamb-ckcy" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-ytts-zj5y-2kdc" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/31248?format=api", "purl": "pkg:composer/drupal/drupal@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2" } ], "aliases": [ "GHSA-r67r-42wx-c8r7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nbzz-f1n8-mbdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163420?format=api", "vulnerability_id": "VCID-nhub-1map-n3by", "summary": "Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02448", "scoring_system": "epss", "scoring_elements": "0.85523", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02448", "scoring_system": "epss", "scoring_elements": "0.85584", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02448", "scoring_system": "epss", "scoring_elements": "0.85574", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25277" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17" }, { "reference_url": "https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25277", "reference_id": "CVE-2022-25277", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25277" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml", "reference_id": "CVE-2022-25277.YAML", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-6955-67hm-vjjq", "reference_id": "GHSA-6955-67hm-vjjq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6955-67hm-vjjq" }, { "reference_url": "https://www.drupal.org/sa-core-2022-014", "reference_id": "sa-core-2022-014", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:41:13Z/" } ], "url": "https://www.drupal.org/sa-core-2022-014" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/393432?format=api", "purl": "pkg:composer/drupal/drupal@9.3.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/393433?format=api", "purl": "pkg:composer/drupal/drupal@9.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7669-dguj-2qfd" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.4.3" } ], "aliases": [ "CVE-2022-25277", "GHSA-6955-67hm-vjjq", "GMS-2022-3361" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nhub-1map-n3by" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/196859?format=api", "vulnerability_id": "VCID-qvsn-ab7h-cqc5", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68661", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68571", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68674", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13672" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2021-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2021-002" }, { "reference_url": "https://security.archlinux.org/AVG-1463", "reference_id": "AVG-1463", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1463" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13672", "reference_id": "CVE-2020-13672", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13672" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml", "reference_id": "CVE-2020-13672.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml", "reference_id": "CVE-2020-13672.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3m36-mjwj-352c", "reference_id": "GHSA-3m36-mjwj-352c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3m36-mjwj-352c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19339?format=api", "purl": "pkg:composer/drupal/drupal@8.9.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/19355?format=api", "purl": "pkg:composer/drupal/drupal@9.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/19342?format=api", "purl": "pkg:composer/drupal/drupal@9.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.1.7" } ], "aliases": [ "CVE-2020-13672", "GHSA-3m36-mjwj-352c" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qvsn-ab7h-cqc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179358?format=api", "vulnerability_id": "VCID-s5ak-abr9-vbe6", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6338", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01047", "scoring_system": "epss", "scoring_elements": "0.77989", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01047", "scoring_system": "epss", "scoring_elements": "0.77922", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01047", "scoring_system": "epss", "scoring_elements": "0.78002", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6338" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00032.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00032.html" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4370", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4370" }, { "reference_url": "https://www.drupal.org/sa-core-2019-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-001" }, { "reference_url": "http://www.securityfocus.com/bid/106706", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106706" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6338", "reference_id": "CVE-2019-6338", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6338" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6338.yaml", "reference_id": "CVE-2019-6338.YAML", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6338.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-6rmq-x2hv-vxpp", "reference_id": "GHSA-6rmq-x2hv-vxpp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6rmq-x2hv-vxpp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15865?format=api", "purl": "pkg:composer/drupal/drupal@8.5.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/15864?format=api", "purl": "pkg:composer/drupal/drupal@8.6.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.6" } ], "aliases": [ "CVE-2019-6338", "GHSA-6rmq-x2hv-vxpp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s5ak-abr9-vbe6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211807?format=api", "vulnerability_id": "VCID-s93m-ue36-vyg1", "summary": "Drupal Malicious file upload with filenames stating with dot", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-2.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-2.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2019-010", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-010" }, { "reference_url": "https://github.com/advisories/GHSA-58xv-7h9r-mx3c", "reference_id": "GHSA-58xv-7h9r-mx3c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-58xv-7h9r-mx3c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31249?format=api", "purl": "pkg:composer/drupal/drupal@8.7.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hfsr-jhw7-b3ap" }, { "vulnerability": "VCID-jp51-ftxv-4ud9" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-kufg-z717-b7hm" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/31250?format=api", "purl": "pkg:composer/drupal/drupal@8.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-6j4t-zjnf-fbd3" }, { "vulnerability": "VCID-7r9b-pzqb-cqea" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hfsr-jhw7-b3ap" }, { "vulnerability": "VCID-jp51-ftxv-4ud9" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-kufg-z717-b7hm" }, { "vulnerability": "VCID-muhk-wbuy-97bu" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1" } ], "aliases": [ "GHSA-58xv-7h9r-mx3c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s93m-ue36-vyg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211805?format=api", "vulnerability_id": "VCID-t33g-z4ps-ykcy", "summary": "Drupal Content moderation Access bypass", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-1.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-006" }, { "reference_url": "https://github.com/advisories/GHSA-86xw-vmcx-9mj4", "reference_id": "GHSA-86xw-vmcx-9mj4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-86xw-vmcx-9mj4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31247?format=api", "purl": "pkg:composer/drupal/drupal@8.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-bxdv-fxzq-sbdz" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ejwp-ehyk-r3cf" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hyd9-kcsg-5kgb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-txdd-bamb-ckcy" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-ytts-zj5y-2kdc" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/31248?format=api", "purl": "pkg:composer/drupal/drupal@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2" } ], "aliases": [ "GHSA-86xw-vmcx-9mj4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t33g-z4ps-ykcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/362317?format=api", "vulnerability_id": "VCID-txdd-bamb-ckcy", "summary": "Improper Access Control\nIn some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31248?format=api", "purl": "pkg:composer/drupal/drupal@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2" } ], "aliases": [ "GMS-2018-62" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-txdd-bamb-ckcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211816?format=api", "vulnerability_id": "VCID-u8xe-6xh5-6ygb", "summary": "Drupal Cross-Site Scripting (XSS) affecting CKEditor Third-party library", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2021-05-26.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2021-05-26.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2021-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2021-005" }, { "reference_url": "https://github.com/advisories/GHSA-qf65-hph9-453r", "reference_id": "GHSA-qf65-hph9-453r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qf65-hph9-453r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31259?format=api", "purl": "pkg:composer/drupal/drupal@8.9.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/31258?format=api", "purl": "pkg:composer/drupal/drupal@9.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/31261?format=api", "purl": "pkg:composer/drupal/drupal@9.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-6se4-tmwu-47b2" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-91kw-xn5d-pbbe" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-gffn-t1yz-5fgj" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-sdue-15dg-4ugt" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-yjm8-gadp-jkhr" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.2.4" } ], "aliases": [ "GHSA-qf65-hph9-453r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u8xe-6xh5-6ygb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211815?format=api", "vulnerability_id": "VCID-uj1s-21kp-pbhy", "summary": "Drupal core Arbitrary PHP code execution", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2020-11-25.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2020-11-25.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-j66p-fvp2-fxhj", "reference_id": "GHSA-j66p-fvp2-fxhj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j66p-fvp2-fxhj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31255?format=api", "purl": "pkg:composer/drupal/drupal@8.8.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/31257?format=api", "purl": "pkg:composer/drupal/drupal@8.9.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-sqp3-huku-rqcc" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/31256?format=api", "purl": "pkg:composer/drupal/drupal@9.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-sqp3-huku-rqcc" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.9" } ], "aliases": [ "GHSA-j66p-fvp2-fxhj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uj1s-21kp-pbhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/175225?format=api", "vulnerability_id": "VCID-vc7s-6p62-bfaw", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10909", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58295", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58182", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58311", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913" }, { "reference_url": "https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2" }, { "reference_url": "https://www.drupal.org/sa-core-2019-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-005" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10909", "reference_id": "CVE-2019-10909", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10909" }, { "reference_url": "https://symfony.com/cve-2019-10909", "reference_id": "CVE-2019-10909", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2019-10909" }, { "reference_url": "https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine", "reference_id": "CVE-2019-10909-ESCAPE-VALIDATION-MESSAGES-IN-THE-PHP-TEMPLATING-ENGINE", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml", "reference_id": "CVE-2019-10909.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml", "reference_id": "CVE-2019-10909.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml", "reference_id": "CVE-2019-10909.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml", "reference_id": "CVE-2019-10909.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-g996-q5r8-w7g2", "reference_id": "GHSA-g996-q5r8-w7g2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g996-q5r8-w7g2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15739?format=api", "purl": "pkg:composer/drupal/drupal@8.5.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/15747?format=api", "purl": "pkg:composer/drupal/drupal@8.6.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.15" } ], "aliases": [ "CVE-2019-10909", "GHSA-g996-q5r8-w7g2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vc7s-6p62-bfaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163388?format=api", "vulnerability_id": "VCID-wn4r-rc6m-xbhy", "summary": "Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25278", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65614", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65504", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65604", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25278" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25278", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25278" }, { "reference_url": "https://github.com/advisories/GHSA-cfh2-7f6h-3m85", "reference_id": "GHSA-cfh2-7f6h-3m85", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cfh2-7f6h-3m85" }, { "reference_url": "https://www.drupal.org/sa-core-2022-013", "reference_id": "sa-core-2022-013", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:39:47Z/" } ], "url": "https://www.drupal.org/sa-core-2022-013" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/393432?format=api", "purl": "pkg:composer/drupal/drupal@9.3.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/393433?format=api", "purl": "pkg:composer/drupal/drupal@9.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7669-dguj-2qfd" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.4.3" } ], "aliases": [ "CVE-2022-25278", "GHSA-cfh2-7f6h-3m85" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wn4r-rc6m-xbhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/362370?format=api", "vulnerability_id": "VCID-x78g-nsnv-ebhc", "summary": "Cross-site Scripting vulnerability in drupal.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2019-004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2019-004" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/391032?format=api", "purl": "pkg:composer/drupal/drupal@8.6.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.12" } ], "aliases": [ "GMS-2019-148" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x78g-nsnv-ebhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208141?format=api", "vulnerability_id": "VCID-yku8-k9fs-d7c8", "summary": "Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13669", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42605", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42442", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42626", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13669" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2020-010", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2020-010" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13669", "reference_id": "CVE-2020-13669", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13669" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13669.yaml", "reference_id": "CVE-2020-13669.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13669.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13669.yaml", "reference_id": "CVE-2020-13669.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13669.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-c533-c843-67h8", "reference_id": "GHSA-c533-c843-67h8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c533-c843-67h8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19344?format=api", "purl": "pkg:composer/drupal/drupal@8.8.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7r9b-pzqb-cqea" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-muhk-wbuy-97bu" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/19350?format=api", "purl": "pkg:composer/drupal/drupal@8.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7r9b-pzqb-cqea" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-muhk-wbuy-97bu" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-sqp3-huku-rqcc" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/19346?format=api", "purl": "pkg:composer/drupal/drupal@9.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7r9b-pzqb-cqea" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-muhk-wbuy-97bu" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-sqp3-huku-rqcc" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.6" } ], "aliases": [ "CVE-2020-13669", "GHSA-c533-c843-67h8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yku8-k9fs-d7c8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/362318?format=api", "vulnerability_id": "VCID-ytts-zj5y-2kdc", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nAnonymous Open Redirect in drupal.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2018-006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31248?format=api", "purl": "pkg:composer/drupal/drupal@8.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2" } ], "aliases": [ "GMS-2018-60" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ytts-zj5y-2kdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/308412?format=api", "vulnerability_id": "VCID-zt27-b3qc-fbac", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9861", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.59214", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.59325", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.59337", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9861" }, { "reference_url": "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-9861.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-9861.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-9861.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-9861.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9861", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9861" }, { "reference_url": "https://www.drupal.org/sa-core-2018-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-003" }, { "reference_url": "http://www.securityfocus.com/bid/103924", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/103924" }, { "reference_url": "https://github.com/advisories/GHSA-g78h-pf65-46rv", "reference_id": "GHSA-g78h-pf65-46rv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g78h-pf65-46rv" }, { "reference_url": "https://usn.ubuntu.com/5340-1/", "reference_id": "USN-5340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5340-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5340-2/", "reference_id": "USN-USN-5340-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5340-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/386384?format=api", "purl": "pkg:composer/drupal/drupal@8.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-1up8-x9s6-vbd5" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-4z8y-2e7d-7qhb" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-bxdv-fxzq-sbdz" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ejwp-ehyk-r3cf" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hyd9-kcsg-5kgb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-krjp-u36k-17fs" }, { "vulnerability": "VCID-krqe-tg7a-yuex" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nbzz-f1n8-mbdw" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-t33g-z4ps-ykcy" }, { "vulnerability": "VCID-txdd-bamb-ckcy" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-ytts-zj5y-2kdc" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/386385?format=api", "purl": "pkg:composer/drupal/drupal@8.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-1up8-x9s6-vbd5" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-4z8y-2e7d-7qhb" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-bxdv-fxzq-sbdz" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ejwp-ehyk-r3cf" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hyd9-kcsg-5kgb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-krjp-u36k-17fs" }, { "vulnerability": "VCID-krqe-tg7a-yuex" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nbzz-f1n8-mbdw" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-t33g-z4ps-ykcy" }, { "vulnerability": "VCID-txdd-bamb-ckcy" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-ytts-zj5y-2kdc" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.2" } ], "aliases": [ "CVE-2018-9861", "GHSA-g78h-pf65-46rv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zt27-b3qc-fbac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163574?format=api", "vulnerability_id": "VCID-zxut-nxke-7fce", "summary": "Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25273", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.65115", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.65126", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.65015", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25273" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25273", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25273" }, { "reference_url": "https://github.com/advisories/GHSA-g36h-4jr6-qmm9", "reference_id": "GHSA-g36h-4jr6-qmm9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g36h-4jr6-qmm9" }, { "reference_url": "https://www.drupal.org/sa-core-2022-008", "reference_id": "sa-core-2022-008", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:19:11Z/" } ], "url": "https://www.drupal.org/sa-core-2022-008" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/393440?format=api", "purl": "pkg:composer/drupal/drupal@9.2.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-91kw-xn5d-pbbe" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.2.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/393435?format=api", "purl": "pkg:composer/drupal/drupal@9.3.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-91kw-xn5d-pbbe" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.12" } ], "aliases": [ "CVE-2022-25273", "GHSA-g36h-4jr6-qmm9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxut-nxke-7fce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349116?format=api", "vulnerability_id": "VCID-zymc-a812-1ua5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25276", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01831", "scoring_system": "epss", "scoring_elements": "0.83322", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01831", "scoring_system": "epss", "scoring_elements": "0.83383", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01831", "scoring_system": "epss", "scoring_elements": "0.83392", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25276" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25276", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25276" }, { "reference_url": "https://www.drupal.org/sa-core-2022-015", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2022-015" }, { "reference_url": "https://github.com/advisories/GHSA-4wfq-jc9h-vpcx", "reference_id": "GHSA-4wfq-jc9h-vpcx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4wfq-jc9h-vpcx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/393432?format=api", "purl": "pkg:composer/drupal/drupal@9.3.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/393433?format=api", "purl": "pkg:composer/drupal/drupal@9.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-7669-dguj-2qfd" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.4.3" } ], "aliases": [ "CVE-2022-25276", "GHSA-4wfq-jc9h-vpcx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zymc-a812-1ua5" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/159574?format=api", "vulnerability_id": "VCID-ku79-by46-s3h9", "summary": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7600", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94489", "scoring_system": "epss", "scoring_elements": "1.0", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7600" }, { "reference_url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7600.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7600.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7600.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7600.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7600", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7600" }, { "reference_url": "https://research.checkpoint.com/uncovering-drupalgeddon-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://research.checkpoint.com/uncovering-drupalgeddon-2" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600" }, { "reference_url": "https://www.exploit-db.com/exploits/44448", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/44448" }, { "reference_url": "https://www.exploit-db.com/exploits/44449", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/44449" }, { "reference_url": "https://www.exploit-db.com/exploits/44482", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/44482" }, { "reference_url": "http://www.securityfocus.com/bid/103534", "reference_id": "103534", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "http://www.securityfocus.com/bid/103534" }, { "reference_url": "http://www.securitytracker.com/id/1040598", "reference_id": "1040598", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "http://www.securitytracker.com/id/1040598" }, { "reference_url": "https://www.exploit-db.com/exploits/44448/", "reference_id": "44448", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://www.exploit-db.com/exploits/44448/" }, { "reference_url": "https://www.exploit-db.com/exploits/44449/", "reference_id": "44449", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://www.exploit-db.com/exploits/44449/" }, { "reference_url": "https://www.exploit-db.com/exploits/44482/", "reference_id": "44482", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://www.exploit-db.com/exploits/44482/" }, { "reference_url": "https://twitter.com/arancaytar/status/979090719003627521", "reference_id": "979090719003627521", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://twitter.com/arancaytar/status/979090719003627521" }, { "reference_url": "https://twitter.com/RicterZ/status/979567469726613504", "reference_id": "979567469726613504", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://twitter.com/RicterZ/status/979567469726613504" }, { "reference_url": "https://twitter.com/RicterZ/status/984495201354854401", "reference_id": "984495201354854401", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://twitter.com/RicterZ/status/984495201354854401" }, { "reference_url": "https://security.archlinux.org/ASA-201804-1", "reference_id": "ASA-201804-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-1" }, { "reference_url": "https://security.archlinux.org/AVG-665", "reference_id": "AVG-665", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-665" }, { "reference_url": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know", "reference_id": "critical-drupal-core-vulnerability-what-you-need-to-know", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know" }, { "reference_url": "https://github.com/a2u/CVE-2018-7600", "reference_id": "CVE-2018-7600", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://github.com/a2u/CVE-2018-7600" }, { "reference_url": "https://github.com/a2u/CVE-2018-7600/blob/2c623a6a9ea641119cf7ee75cd344fb32047169b/exploit.py", "reference_id": "CVE-2018-7600", "reference_type": "exploit", "scores": [], "url": "https://github.com/a2u/CVE-2018-7600/blob/2c623a6a9ea641119cf7ee75cd344fb32047169b/exploit.py" }, { "reference_url": "https://github.com/dreadlocked/Drupalgeddon2/blob/16cac1b2336d38642f75eb7b7e2c833b2c3f49b1/drupalgeddon2.rb", "reference_id": "CVE-2018-7600", "reference_type": "exploit", "scores": [], "url": "https://github.com/dreadlocked/Drupalgeddon2/blob/16cac1b2336d38642f75eb7b7e2c833b2c3f49b1/drupalgeddon2.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/44482.rb", "reference_id": "CVE-2018-7600", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/44482.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44448.py", "reference_id": "CVE-2018-7600", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44448.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44449.rb", "reference_id": "CVE-2018-7600", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44449.rb" }, { "reference_url": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE", "reference_id": "CVE-2018-7600-Drupal-RCE", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4156", "reference_id": "dsa-4156", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://www.debian.org/security/2018/dsa-4156" }, { "reference_url": "https://groups.drupal.org/security/faq-2018-002", "reference_id": "faq-2018-002", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://groups.drupal.org/security/faq-2018-002" }, { "reference_url": "https://github.com/advisories/GHSA-7fh9-933g-885p", "reference_id": "GHSA-7fh9-933g-885p", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7fh9-933g-885p" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html", "reference_id": "msg00028.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html" }, { "reference_url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/", "reference_id": "over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/" }, { "reference_url": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714", "reference_id": "remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714" }, { "reference_url": "https://www.drupal.org/sa-core-2018-002", "reference_id": "sa-core-2018-002", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://www.drupal.org/sa-core-2018-002" }, { "reference_url": "https://greysec.net/showthread.php?tid=2912&pid=10561", "reference_id": "showthread.php?tid=2912&pid=10561", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://greysec.net/showthread.php?tid=2912&pid=10561" }, { "reference_url": "https://www.synology.com/support/security/Synology_SA_18_17", "reference_id": "Synology_SA_18_17", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://www.synology.com/support/security/Synology_SA_18_17" }, { "reference_url": "https://research.checkpoint.com/uncovering-drupalgeddon-2/", "reference_id": "uncovering-drupalgeddon-2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/" } ], "url": "https://research.checkpoint.com/uncovering-drupalgeddon-2/" }, { "reference_url": "https://usn.ubuntu.com/USN-4773-1/", "reference_id": "USN-USN-4773-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4773-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/386330?format=api", "purl": "pkg:composer/drupal/drupal@7.58.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@7.58.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/386331?format=api", "purl": "pkg:composer/drupal/drupal@8.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-1njn-2hyh-hyhn" }, { "vulnerability": "VCID-1up8-x9s6-vbd5" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-4z8y-2e7d-7qhb" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-bxdv-fxzq-sbdz" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ejwp-ehyk-r3cf" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hyd9-kcsg-5kgb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-krjp-u36k-17fs" }, { "vulnerability": "VCID-krqe-tg7a-yuex" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nbzz-f1n8-mbdw" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-t33g-z4ps-ykcy" }, { "vulnerability": "VCID-txdd-bamb-ckcy" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-ytts-zj5y-2kdc" }, { "vulnerability": "VCID-zt27-b3qc-fbac" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/386332?format=api", "purl": "pkg:composer/drupal/drupal@8.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-1njn-2hyh-hyhn" }, { "vulnerability": "VCID-1up8-x9s6-vbd5" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-4z8y-2e7d-7qhb" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-bxdv-fxzq-sbdz" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ejwp-ehyk-r3cf" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hyd9-kcsg-5kgb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-krjp-u36k-17fs" }, { "vulnerability": "VCID-krqe-tg7a-yuex" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nbzz-f1n8-mbdw" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-t33g-z4ps-ykcy" }, { "vulnerability": "VCID-txdd-bamb-ckcy" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-ytts-zj5y-2kdc" }, { "vulnerability": "VCID-zt27-b3qc-fbac" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/386333?format=api", "purl": "pkg:composer/drupal/drupal@8.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-zbn8-5khn" }, { "vulnerability": "VCID-1njn-2hyh-hyhn" }, { "vulnerability": "VCID-1up8-x9s6-vbd5" }, { "vulnerability": "VCID-26az-uqef-w7aq" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-2wdn-8583-v3dg" }, { "vulnerability": "VCID-4u3b-stye-77ah" }, { "vulnerability": "VCID-4z8y-2e7d-7qhb" }, { "vulnerability": "VCID-57nk-7ugd-vucf" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-bha5-1s4u-3bg6" }, { "vulnerability": "VCID-bxdv-fxzq-sbdz" }, { "vulnerability": "VCID-cs4j-rhc4-xbhd" }, { "vulnerability": "VCID-d6bg-1u2b-1qdt" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-ejwp-ehyk-r3cf" }, { "vulnerability": "VCID-ftd8-be73-5bc3" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-hyd9-kcsg-5kgb" }, { "vulnerability": "VCID-kepa-chya-sfdb" }, { "vulnerability": "VCID-krjp-u36k-17fs" }, { "vulnerability": "VCID-krqe-tg7a-yuex" }, { "vulnerability": "VCID-kryq-8j5g-d7a6" }, { "vulnerability": "VCID-nbzz-f1n8-mbdw" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-qvsn-ab7h-cqc5" }, { "vulnerability": "VCID-s5ak-abr9-vbe6" }, { "vulnerability": "VCID-s93m-ue36-vyg1" }, { "vulnerability": "VCID-t33g-z4ps-ykcy" }, { "vulnerability": "VCID-txdd-bamb-ckcy" }, { "vulnerability": "VCID-u8xe-6xh5-6ygb" }, { "vulnerability": "VCID-uj1s-21kp-pbhy" }, { "vulnerability": "VCID-vc7s-6p62-bfaw" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-x78g-nsnv-ebhc" }, { "vulnerability": "VCID-yku8-k9fs-d7c8" }, { "vulnerability": "VCID-ytts-zj5y-2kdc" }, { "vulnerability": "VCID-zt27-b3qc-fbac" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.1" } ], "aliases": [ "CVE-2018-7600", "GHSA-7fh9-933g-885p" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ku79-by46-s3h9" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.9" }