{"url":"http://public2.vulnerablecode.io/api/packages/52626?format=json","purl":"pkg:composer/drupal/core@7.0.0","type":"composer","namespace":"drupal","name":"core","version":"7.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.58.0","latest_non_vulnerable_version":"11.2.8","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42433?format=json","vulnerability_id":"VCID-2g67-a42m-qfbh","summary":"Improper Input Validation\nDrupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.","references":[{"reference_url":"https://www.drupal.org/sa-core-2022-003","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2022-003"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25271","reference_id":"CVE-2022-25271","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25271"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52630?format=json","purl":"pkg:composer/drupal/core@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2989-fmjz-nkby"},{"vulnerability":"VCID-2fas-m6vh-myhc"},{"vulnerability":"VCID-2t34-82p3-73c3"},{"vulnerability":"VCID-31qy-vagp-83b6"},{"vulnerability":"VCID-3xk4-qwaq-5yaj"},{"vulnerability":"VCID-4dpp-gg2v-q3et"},{"vulnerability":"VCID-56ze-2yw2-bfh8"},{"vulnerability":"VCID-5c5c-m7ba-kqct"},{"vulnerability":"VCID-7v89-2sss-hfaz"},{"vulnerability":"VCID-9nk8-dban-g7h9"},{"vulnerability":"VCID-a3s2-c4k2-4ufn"},{"vulnerability":"VCID-a4u4-ga84-wyf9"},{"vulnerability":"VCID-a7ss-tkb6-gkge"},{"vulnerability":"VCID-ah3h-t9qa-gudr"},{"vulnerability":"VCID-ard5-3cjv-1beu"},{"vulnerability":"VCID-asm8-guag-b3ep"},{"vulnerability":"VCID-avmn-kqky-83dd"},{"vulnerability":"VCID-ay6b-1a7z-qkas"},{"vulnerability":"VCID-bq2j-t19h-zyad"},{"vulnerability":"VCID-dav9-pgdh-8yey"},{"vulnerability":"VCID-dyhz-g3nv-yuc3"},{"vulnerability":"VCID-e12q-qavs-qybu"},{"vulnerability":"VCID-e8un-nbkk-cbf9"},{"vulnerability":"VCID-egtv-y9w1-skgr"},{"vulnerability":"VCID-jrhg-3271-tqdy"},{"vulnerability":"VCID-kzrs-mrga-nyej"},{"vulnerability":"VCID-mm13-6dhq-nqfb"},{"vulnerability":"VCID-myja-t33q-q3cv"},{"vulnerability":"VCID-nacy-y1qt-5yhb"},{"vulnerability":"VCID-ng6g-hvc2-bkg4"},{"vulnerability":"VCID-p54u-b18k-jyft"},{"vulnerability":"VCID-pgnc-fq4m-3kaz"},{"vulnerability":"VCID-pmmq-8s2m-h7dp"},{"vulnerability":"VCID-pnme-dc73-efcb"},{"vulnerability":"VCID-qsuc-53pg-zkda"},{"vulnerability":"VCID-rd4g-h1j9-23cb"},{"vulnerability":"VCID-rsc6-y1uv-6bfq"},{"vulnerability":"VCID-t89y-c9hq-9bhk"},{"vulnerability":"VCID-ta99-gcmk-2qc8"},{"vulnerability":"VCID-tpzm-u3qp-akc8"},{"vulnerability":"VCID-w4ks-ufnz-vfav"},{"vulnerability":"VCID-wapd-e3mu-sffn"},{"vulnerability":"VCID-wsv7-je8g-sqet"},{"vulnerability":"VCID-wszp-2es5-z7fy"},{"vulnerability":"VCID-x34m-u169-1bce"},{"vulnerability":"VCID-y1nb-prqc-suaj"},{"vulnerability":"VCID-yq4q-hydz-vuga"},{"vulnerability":"VCID-yygb-pp11-5udj"},{"vulnerability":"VCID-zqer-y4s4-hqhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/60697?format=json","purl":"pkg:composer/drupal/core@9.2.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.13"},{"url":"http://public2.vulnerablecode.io/api/packages/60698?format=json","purl":"pkg:composer/drupal/core@9.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r1hd-d39y-syhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.6"}],"aliases":["CVE-2022-25271"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2g67-a42m-qfbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39448?format=json","vulnerability_id":"VCID-6rtn-zphz-sydn","summary":"Incorrect Permission Assignment for Critical Resource\nWhen using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations.","references":[{"reference_url":"https://www.debian.org/security/2018/dsa-4123","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4123"},{"reference_url":"https://www.drupal.org/sa-core-2018-001","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2018-001"},{"reference_url":"https://www.drupal.org/SA-CORE-2018-001","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/SA-CORE-2018-001"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6928","reference_id":"CVE-2017-6928","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6928"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52630?format=json","purl":"pkg:composer/drupal/core@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2989-fmjz-nkby"},{"vulnerability":"VCID-2fas-m6vh-myhc"},{"vulnerability":"VCID-2t34-82p3-73c3"},{"vulnerability":"VCID-31qy-vagp-83b6"},{"vulnerability":"VCID-3xk4-qwaq-5yaj"},{"vulnerability":"VCID-4dpp-gg2v-q3et"},{"vulnerability":"VCID-56ze-2yw2-bfh8"},{"vulnerability":"VCID-5c5c-m7ba-kqct"},{"vulnerability":"VCID-7v89-2sss-hfaz"},{"vulnerability":"VCID-9nk8-dban-g7h9"},{"vulnerability":"VCID-a3s2-c4k2-4ufn"},{"vulnerability":"VCID-a4u4-ga84-wyf9"},{"vulnerability":"VCID-a7ss-tkb6-gkge"},{"vulnerability":"VCID-ah3h-t9qa-gudr"},{"vulnerability":"VCID-ard5-3cjv-1beu"},{"vulnerability":"VCID-asm8-guag-b3ep"},{"vulnerability":"VCID-avmn-kqky-83dd"},{"vulnerability":"VCID-ay6b-1a7z-qkas"},{"vulnerability":"VCID-bq2j-t19h-zyad"},{"vulnerability":"VCID-dav9-pgdh-8yey"},{"vulnerability":"VCID-dyhz-g3nv-yuc3"},{"vulnerability":"VCID-e12q-qavs-qybu"},{"vulnerability":"VCID-e8un-nbkk-cbf9"},{"vulnerability":"VCID-egtv-y9w1-skgr"},{"vulnerability":"VCID-jrhg-3271-tqdy"},{"vulnerability":"VCID-kzrs-mrga-nyej"},{"vulnerability":"VCID-mm13-6dhq-nqfb"},{"vulnerability":"VCID-myja-t33q-q3cv"},{"vulnerability":"VCID-nacy-y1qt-5yhb"},{"vulnerability":"VCID-ng6g-hvc2-bkg4"},{"vulnerability":"VCID-p54u-b18k-jyft"},{"vulnerability":"VCID-pgnc-fq4m-3kaz"},{"vulnerability":"VCID-pmmq-8s2m-h7dp"},{"vulnerability":"VCID-pnme-dc73-efcb"},{"vulnerability":"VCID-qsuc-53pg-zkda"},{"vulnerability":"VCID-rd4g-h1j9-23cb"},{"vulnerability":"VCID-rsc6-y1uv-6bfq"},{"vulnerability":"VCID-t89y-c9hq-9bhk"},{"vulnerability":"VCID-ta99-gcmk-2qc8"},{"vulnerability":"VCID-tpzm-u3qp-akc8"},{"vulnerability":"VCID-w4ks-ufnz-vfav"},{"vulnerability":"VCID-wapd-e3mu-sffn"},{"vulnerability":"VCID-wsv7-je8g-sqet"},{"vulnerability":"VCID-wszp-2es5-z7fy"},{"vulnerability":"VCID-x34m-u169-1bce"},{"vulnerability":"VCID-y1nb-prqc-suaj"},{"vulnerability":"VCID-yq4q-hydz-vuga"},{"vulnerability":"VCID-yygb-pp11-5udj"},{"vulnerability":"VCID-zqer-y4s4-hqhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0"}],"aliases":["CVE-2017-6928"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6rtn-zphz-sydn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30634?format=json","vulnerability_id":"VCID-84eq-cq89-9qhm","summary":"Modification of Assumed-Immutable Data (MAID)\nPrototype pollution attack through jQuery $.extend","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2019:1570","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHBA-2019:1570"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1456","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2587","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3023","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3024","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3024"},{"reference_url":"https://backdropcms.org/security/backdrop-sa-core-2019-009","reference_id":"","reference_type":"","scores":[],"url":"https://backdropcms.org/security/backdrop-sa-core-2019-009"},{"reference_url":"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released","reference_id":"","reference_type":"","scores":[],"url":"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released"},{"reference_url":"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","reference_id":"","reference_type":"","scores":[],"url":"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"},{"reference_url":"https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f"},{"reference_url":"https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829"},{"reference_url":"https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad"},{"reference_url":"https://github.com/jquery/jquery","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jquery/jquery"},{"reference_url":"https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"},{"reference_url":"https://github.com/jquery/jquery/pull/4333","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jquery/jquery/pull/4333"},{"reference_url":"https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc"},{"reference_url":"https://github.com/maximebf/php-debugbar/issues/447","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/maximebf/php-debugbar/issues/447"},{"reference_url":"https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434"},{"reference_url":"https://hackerone.com/reports/454365","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://hackerone.com/reports/454365"},{"reference_url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","reference_id":"","reference_type":"","scores":[],"url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"},{"reference_url":"https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/32","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Apr/32"},{"reference_url":"https://seclists.org/bugtraq/2019/Jun/12","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Jun/12"},{"reference_url":"https://seclists.org/bugtraq/2019/May/18","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/May/18"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190919-0001","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190919-0001"},{"reference_url":"https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226","reference_id":"","reference_type":"","scores":[],"url":"https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-JQUERY-174006","reference_id":"","reference_type":"","scores":[],"url":"https://snyk.io/vuln/SNYK-JS-JQUERY-174006"},{"reference_url":"https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1","reference_id":"","reference_type":"","scores":[],"url":"https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"},{"reference_url":"https://web.archive.org/web/20190824065237/http://www.securityfocus.com/bid/108023","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20190824065237/http://www.securityfocus.com/bid/108023"},{"reference_url":"https://www.debian.org/security/2019/dsa-4434","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4434"},{"reference_url":"https://www.debian.org/security/2019/dsa-4460","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4460"},{"reference_url":"https://www.djangoproject.com/weblog/2019/jun/03/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/jun/03/security-releases"},{"reference_url":"https://www.drupal.org/sa-core-2019-006","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2019-006"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery","reference_id":"","reference_type":"","scores":[],"url":"https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_19_19","reference_id":"","reference_type":"","scores":[],"url":"https://www.synology.com/security/advisory/Synology_SA_19_19"},{"reference_url":"https://www.tenable.com/security/tns-2019-08","reference_id":"","reference_type":"","scores":[],"url":"https://www.tenable.com/security/tns-2019-08"},{"reference_url":"https://www.tenable.com/security/tns-2020-02","reference_id":"","reference_type":"","scores":[],"url":"https://www.tenable.com/security/tns-2020-02"},{"reference_url":"http://www.securityfocus.com/bid/108023","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/108023"},{"reference_url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/496.json","reference_id":"496","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/496.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11358","reference_id":"CVE-2019-11358","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11358"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml","reference_id":"CVE-2019-11358.YML","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml"},{"reference_url":"https://github.com/advisories/GHSA-6c3j-c64m-qhgq","reference_id":"GHSA-6c3j-c64m-qhgq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6c3j-c64m-qhgq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52630?format=json","purl":"pkg:composer/drupal/core@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2989-fmjz-nkby"},{"vulnerability":"VCID-2fas-m6vh-myhc"},{"vulnerability":"VCID-2t34-82p3-73c3"},{"vulnerability":"VCID-31qy-vagp-83b6"},{"vulnerability":"VCID-3xk4-qwaq-5yaj"},{"vulnerability":"VCID-4dpp-gg2v-q3et"},{"vulnerability":"VCID-56ze-2yw2-bfh8"},{"vulnerability":"VCID-5c5c-m7ba-kqct"},{"vulnerability":"VCID-7v89-2sss-hfaz"},{"vulnerability":"VCID-9nk8-dban-g7h9"},{"vulnerability":"VCID-a3s2-c4k2-4ufn"},{"vulnerability":"VCID-a4u4-ga84-wyf9"},{"vulnerability":"VCID-a7ss-tkb6-gkge"},{"vulnerability":"VCID-ah3h-t9qa-gudr"},{"vulnerability":"VCID-ard5-3cjv-1beu"},{"vulnerability":"VCID-asm8-guag-b3ep"},{"vulnerability":"VCID-avmn-kqky-83dd"},{"vulnerability":"VCID-ay6b-1a7z-qkas"},{"vulnerability":"VCID-bq2j-t19h-zyad"},{"vulnerability":"VCID-dav9-pgdh-8yey"},{"vulnerability":"VCID-dyhz-g3nv-yuc3"},{"vulnerability":"VCID-e12q-qavs-qybu"},{"vulnerability":"VCID-e8un-nbkk-cbf9"},{"vulnerability":"VCID-egtv-y9w1-skgr"},{"vulnerability":"VCID-jrhg-3271-tqdy"},{"vulnerability":"VCID-kzrs-mrga-nyej"},{"vulnerability":"VCID-mm13-6dhq-nqfb"},{"vulnerability":"VCID-myja-t33q-q3cv"},{"vulnerability":"VCID-nacy-y1qt-5yhb"},{"vulnerability":"VCID-ng6g-hvc2-bkg4"},{"vulnerability":"VCID-p54u-b18k-jyft"},{"vulnerability":"VCID-pgnc-fq4m-3kaz"},{"vulnerability":"VCID-pmmq-8s2m-h7dp"},{"vulnerability":"VCID-pnme-dc73-efcb"},{"vulnerability":"VCID-qsuc-53pg-zkda"},{"vulnerability":"VCID-rd4g-h1j9-23cb"},{"vulnerability":"VCID-rsc6-y1uv-6bfq"},{"vulnerability":"VCID-t89y-c9hq-9bhk"},{"vulnerability":"VCID-ta99-gcmk-2qc8"},{"vulnerability":"VCID-tpzm-u3qp-akc8"},{"vulnerability":"VCID-w4ks-ufnz-vfav"},{"vulnerability":"VCID-wapd-e3mu-sffn"},{"vulnerability":"VCID-wsv7-je8g-sqet"},{"vulnerability":"VCID-wszp-2es5-z7fy"},{"vulnerability":"VCID-x34m-u169-1bce"},{"vulnerability":"VCID-y1nb-prqc-suaj"},{"vulnerability":"VCID-yq4q-hydz-vuga"},{"vulnerability":"VCID-yygb-pp11-5udj"},{"vulnerability":"VCID-zqer-y4s4-hqhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/57855?format=json","purl":"pkg:composer/drupal/core@8.5.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.15"},{"url":"http://public2.vulnerablecode.io/api/packages/57856?format=json","purl":"pkg:composer/drupal/core@8.6.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.15"}],"aliases":["CVE-2019-11358","GHSA-6c3j-c64m-qhgq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-84eq-cq89-9qhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43516?format=json","vulnerability_id":"VCID-9nk8-dban-g7h9","summary":"Drupal Core Remote Code Execution Vulnerability\nSome field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)","references":[{"reference_url":"https://github.com/drupal/drupal","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/drupal/drupal"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6340","reference_id":"","reference_type":"","scores":[],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6340"},{"reference_url":"https://www.drupal.org/sa-core-2019-003","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2019-003"},{"reference_url":"https://www.exploit-db.com/exploits/46452","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/46452"},{"reference_url":"https://www.exploit-db.com/exploits/46459","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/46459"},{"reference_url":"https://www.exploit-db.com/exploits/46510","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/46510"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_19_09","reference_id":"","reference_type":"","scores":[],"url":"https://www.synology.com/security/advisory/Synology_SA_19_09"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6340","reference_id":"CVE-2019-6340","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6340"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6340.yaml","reference_id":"CVE-2019-6340.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6340.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6340.yaml","reference_id":"CVE-2019-6340.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6340.yaml"},{"reference_url":"https://github.com/advisories/GHSA-3gx6-h57h-rm27","reference_id":"GHSA-3gx6-h57h-rm27","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3gx6-h57h-rm27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62442?format=json","purl":"pkg:composer/drupal/core@7.62.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.62.0"},{"url":"http://public2.vulnerablecode.io/api/packages/62443?format=json","purl":"pkg:composer/drupal/core@8.5.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/62441?format=json","purl":"pkg:composer/drupal/core@8.6.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.10"}],"aliases":["CVE-2019-6340","GHSA-3gx6-h57h-rm27"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9nk8-dban-g7h9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48406?format=json","vulnerability_id":"VCID-a3s2-c4k2-4ufn","summary":"Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.","references":[{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/drupal/core"},{"reference_url":"https://www.drupal.org/sa-core-2025-008","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2025-008"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13083","reference_id":"CVE-2025-13083","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13083"},{"reference_url":"https://github.com/advisories/GHSA-mhpg-hpj5-73r2","reference_id":"GHSA-mhpg-hpj5-73r2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mhpg-hpj5-73r2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71452?format=json","purl":"pkg:composer/drupal/core@7.103.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.103.0"},{"url":"http://public2.vulnerablecode.io/api/packages/71441?format=json","purl":"pkg:composer/drupal/core@10.4.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/71442?format=json","purl":"pkg:composer/drupal/core@10.5.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/71443?format=json","purl":"pkg:composer/drupal/core@11.1.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/71444?format=json","purl":"pkg:composer/drupal/core@11.2.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8"}],"aliases":["CVE-2025-13083","GHSA-mhpg-hpj5-73r2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a3s2-c4k2-4ufn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4273?format=json","vulnerability_id":"VCID-a4u4-ga84-wyf9","summary":"arbitrary command execution","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7602"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/drupal/core"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7602","reference_id":"","reference_type":"","scores":[],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7602"},{"reference_url":"https://www.debian.org/security/2018/dsa-4180","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4180"},{"reference_url":"https://www.drupal.org/sa-core-2018-004","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2018-004"},{"reference_url":"https://www.exploit-db.com/exploits/44542","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/44542"},{"reference_url":"https://www.exploit-db.com/exploits/44557","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/44557"},{"reference_url":"https://security.archlinux.org/ASA-201804-10","reference_id":"ASA-201804-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-10"},{"reference_url":"https://security.archlinux.org/AVG-679","reference_id":"AVG-679","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-679"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7602","reference_id":"CVE-2018-7602","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7602"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7602.yaml","reference_id":"CVE-2018-7602.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7602.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7602.yaml","reference_id":"CVE-2018-7602.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7602.yaml"},{"reference_url":"https://github.com/advisories/GHSA-297x-j9pm-xjgg","reference_id":"GHSA-297x-j9pm-xjgg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-297x-j9pm-xjgg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69862?format=json","purl":"pkg:composer/drupal/core@7.59.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.59.0"},{"url":"http://public2.vulnerablecode.io/api/packages/69863?format=json","purl":"pkg:composer/drupal/core@8.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.8"},{"url":"http://public2.vulnerablecode.io/api/packages/69864?format=json","purl":"pkg:composer/drupal/core@8.5.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.3"}],"aliases":["CVE-2018-7602","GHSA-297x-j9pm-xjgg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a4u4-ga84-wyf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45048?format=json","vulnerability_id":"VCID-a7ss-tkb6-gkge","summary":"Improper access control\nIn some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the \"private\" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.","references":[{"reference_url":"https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf"},{"reference_url":"https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116"},{"reference_url":"https://www.drupal.org/sa-core-2022-012","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2022-012"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25275","reference_id":"CVE-2022-25275","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25275"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml","reference_id":"CVE-2022-25275.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml"},{"reference_url":"https://github.com/advisories/GHSA-xh3v-6f9j-wxw3","reference_id":"GHSA-xh3v-6f9j-wxw3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xh3v-6f9j-wxw3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64975?format=json","purl":"pkg:composer/drupal/core@9.3.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/64976?format=json","purl":"pkg:composer/drupal/core@9.4.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3"}],"aliases":["CVE-2022-25275","GHSA-xh3v-6f9j-wxw3","GMS-2022-3362"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a7ss-tkb6-gkge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45058?format=json","vulnerability_id":"VCID-bge7-rqsx-gfee","summary":"Access bypass in Drupal core\nThe file download facility does not sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.","references":[{"reference_url":"https://www.drupal.org/sa-core-2023-005","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2023-005"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31250","reference_id":"CVE-2023-31250","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31250"},{"reference_url":"https://github.com/advisories/GHSA-8849-cv9f-vccm","reference_id":"GHSA-8849-cv9f-vccm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8849-cv9f-vccm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64992?format=json","purl":"pkg:composer/drupal/core@7.96.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.96.0"},{"url":"http://public2.vulnerablecode.io/api/packages/64993?format=json","purl":"pkg:composer/drupal/core@9.4.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/64990?format=json","purl":"pkg:composer/drupal/core@9.5.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/64991?format=json","purl":"pkg:composer/drupal/core@10.0.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.8"}],"aliases":["CVE-2023-31250","GHSA-8849-cv9f-vccm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bge7-rqsx-gfee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40820?format=json","vulnerability_id":"VCID-e12q-qavs-qybu","summary":"Cross-site Scripting vulnerability in drupal.","references":[{"reference_url":"https://www.drupal.org/sa-core-2019-004","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2019-004"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57614?format=json","purl":"pkg:composer/drupal/core@8.6.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.12"}],"aliases":["GMS-2019-147"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e12q-qavs-qybu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40839?format=json","vulnerability_id":"VCID-e69p-v2ws-vufj","summary":"Cross-site Scripting\nUnder certain circumstances the File `module/subsystem` allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.","references":[{"reference_url":"https://www.drupal.org/sa-core-2019-004","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2019-004"},{"reference_url":"https://www.drupal.org/SA-CORE-2019-004","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/SA-CORE-2019-004"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6341","reference_id":"CVE-2019-6341","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6341"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52630?format=json","purl":"pkg:composer/drupal/core@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2989-fmjz-nkby"},{"vulnerability":"VCID-2fas-m6vh-myhc"},{"vulnerability":"VCID-2t34-82p3-73c3"},{"vulnerability":"VCID-31qy-vagp-83b6"},{"vulnerability":"VCID-3xk4-qwaq-5yaj"},{"vulnerability":"VCID-4dpp-gg2v-q3et"},{"vulnerability":"VCID-56ze-2yw2-bfh8"},{"vulnerability":"VCID-5c5c-m7ba-kqct"},{"vulnerability":"VCID-7v89-2sss-hfaz"},{"vulnerability":"VCID-9nk8-dban-g7h9"},{"vulnerability":"VCID-a3s2-c4k2-4ufn"},{"vulnerability":"VCID-a4u4-ga84-wyf9"},{"vulnerability":"VCID-a7ss-tkb6-gkge"},{"vulnerability":"VCID-ah3h-t9qa-gudr"},{"vulnerability":"VCID-ard5-3cjv-1beu"},{"vulnerability":"VCID-asm8-guag-b3ep"},{"vulnerability":"VCID-avmn-kqky-83dd"},{"vulnerability":"VCID-ay6b-1a7z-qkas"},{"vulnerability":"VCID-bq2j-t19h-zyad"},{"vulnerability":"VCID-dav9-pgdh-8yey"},{"vulnerability":"VCID-dyhz-g3nv-yuc3"},{"vulnerability":"VCID-e12q-qavs-qybu"},{"vulnerability":"VCID-e8un-nbkk-cbf9"},{"vulnerability":"VCID-egtv-y9w1-skgr"},{"vulnerability":"VCID-jrhg-3271-tqdy"},{"vulnerability":"VCID-kzrs-mrga-nyej"},{"vulnerability":"VCID-mm13-6dhq-nqfb"},{"vulnerability":"VCID-myja-t33q-q3cv"},{"vulnerability":"VCID-nacy-y1qt-5yhb"},{"vulnerability":"VCID-ng6g-hvc2-bkg4"},{"vulnerability":"VCID-p54u-b18k-jyft"},{"vulnerability":"VCID-pgnc-fq4m-3kaz"},{"vulnerability":"VCID-pmmq-8s2m-h7dp"},{"vulnerability":"VCID-pnme-dc73-efcb"},{"vulnerability":"VCID-qsuc-53pg-zkda"},{"vulnerability":"VCID-rd4g-h1j9-23cb"},{"vulnerability":"VCID-rsc6-y1uv-6bfq"},{"vulnerability":"VCID-t89y-c9hq-9bhk"},{"vulnerability":"VCID-ta99-gcmk-2qc8"},{"vulnerability":"VCID-tpzm-u3qp-akc8"},{"vulnerability":"VCID-w4ks-ufnz-vfav"},{"vulnerability":"VCID-wapd-e3mu-sffn"},{"vulnerability":"VCID-wsv7-je8g-sqet"},{"vulnerability":"VCID-wszp-2es5-z7fy"},{"vulnerability":"VCID-x34m-u169-1bce"},{"vulnerability":"VCID-y1nb-prqc-suaj"},{"vulnerability":"VCID-yq4q-hydz-vuga"},{"vulnerability":"VCID-yygb-pp11-5udj"},{"vulnerability":"VCID-zqer-y4s4-hqhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/57654?format=json","purl":"pkg:composer/drupal/core@8.5.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.14"},{"url":"http://public2.vulnerablecode.io/api/packages/57655?format=json","purl":"pkg:composer/drupal/core@8.6.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.13"}],"aliases":["CVE-2019-6341"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e69p-v2ws-vufj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40619?format=json","vulnerability_id":"VCID-e8un-nbkk-cbf9","summary":"Deserialization of Untrusted Data\nDrupal core uses the third-party PEAR `Archive_Tar` library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details.","references":[{"reference_url":"https://www.drupal.org/sa-core-2019-001","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2019-001"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57349?format=json","purl":"pkg:composer/drupal/core@8.6.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.6"}],"aliases":["CVE-2019-6338"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8un-nbkk-cbf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38261?format=json","vulnerability_id":"VCID-ey9c-4yhy-3qa5","summary":"URL Redirection to Untrusted Site (Open Redirect)\nConfirmation forms in Drupal make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.","references":[{"reference_url":"https://www.drupal.org/SA-CORE-2016-005","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/SA-CORE-2016-005"},{"reference_url":"http://www.securityfocus.com/bid/94367","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94367"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9451","reference_id":"CVE-2016-9451","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9451"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52630?format=json","purl":"pkg:composer/drupal/core@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2989-fmjz-nkby"},{"vulnerability":"VCID-2fas-m6vh-myhc"},{"vulnerability":"VCID-2t34-82p3-73c3"},{"vulnerability":"VCID-31qy-vagp-83b6"},{"vulnerability":"VCID-3xk4-qwaq-5yaj"},{"vulnerability":"VCID-4dpp-gg2v-q3et"},{"vulnerability":"VCID-56ze-2yw2-bfh8"},{"vulnerability":"VCID-5c5c-m7ba-kqct"},{"vulnerability":"VCID-7v89-2sss-hfaz"},{"vulnerability":"VCID-9nk8-dban-g7h9"},{"vulnerability":"VCID-a3s2-c4k2-4ufn"},{"vulnerability":"VCID-a4u4-ga84-wyf9"},{"vulnerability":"VCID-a7ss-tkb6-gkge"},{"vulnerability":"VCID-ah3h-t9qa-gudr"},{"vulnerability":"VCID-ard5-3cjv-1beu"},{"vulnerability":"VCID-asm8-guag-b3ep"},{"vulnerability":"VCID-avmn-kqky-83dd"},{"vulnerability":"VCID-ay6b-1a7z-qkas"},{"vulnerability":"VCID-bq2j-t19h-zyad"},{"vulnerability":"VCID-dav9-pgdh-8yey"},{"vulnerability":"VCID-dyhz-g3nv-yuc3"},{"vulnerability":"VCID-e12q-qavs-qybu"},{"vulnerability":"VCID-e8un-nbkk-cbf9"},{"vulnerability":"VCID-egtv-y9w1-skgr"},{"vulnerability":"VCID-jrhg-3271-tqdy"},{"vulnerability":"VCID-kzrs-mrga-nyej"},{"vulnerability":"VCID-mm13-6dhq-nqfb"},{"vulnerability":"VCID-myja-t33q-q3cv"},{"vulnerability":"VCID-nacy-y1qt-5yhb"},{"vulnerability":"VCID-ng6g-hvc2-bkg4"},{"vulnerability":"VCID-p54u-b18k-jyft"},{"vulnerability":"VCID-pgnc-fq4m-3kaz"},{"vulnerability":"VCID-pmmq-8s2m-h7dp"},{"vulnerability":"VCID-pnme-dc73-efcb"},{"vulnerability":"VCID-qsuc-53pg-zkda"},{"vulnerability":"VCID-rd4g-h1j9-23cb"},{"vulnerability":"VCID-rsc6-y1uv-6bfq"},{"vulnerability":"VCID-t89y-c9hq-9bhk"},{"vulnerability":"VCID-ta99-gcmk-2qc8"},{"vulnerability":"VCID-tpzm-u3qp-akc8"},{"vulnerability":"VCID-w4ks-ufnz-vfav"},{"vulnerability":"VCID-wapd-e3mu-sffn"},{"vulnerability":"VCID-wsv7-je8g-sqet"},{"vulnerability":"VCID-wszp-2es5-z7fy"},{"vulnerability":"VCID-x34m-u169-1bce"},{"vulnerability":"VCID-y1nb-prqc-suaj"},{"vulnerability":"VCID-yq4q-hydz-vuga"},{"vulnerability":"VCID-yygb-pp11-5udj"},{"vulnerability":"VCID-zqer-y4s4-hqhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0"}],"aliases":["CVE-2016-9451"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ey9c-4yhy-3qa5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38070?format=json","vulnerability_id":"VCID-mscp-wvvx-zfh3","summary":"Saving user accounts can sometimes grant the user all roles\nThe User module in Drupal allows remote attackers to gain privileges by leveraging contributed or custom code that calls the `user_save` function with an explicit category and loads all roles into the array.","references":[{"reference_url":"https://www.drupal.org/SA-CORE-2016-001","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/SA-CORE-2016-001"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3169","reference_id":"CVE-2016-3169","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3169"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52630?format=json","purl":"pkg:composer/drupal/core@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2989-fmjz-nkby"},{"vulnerability":"VCID-2fas-m6vh-myhc"},{"vulnerability":"VCID-2t34-82p3-73c3"},{"vulnerability":"VCID-31qy-vagp-83b6"},{"vulnerability":"VCID-3xk4-qwaq-5yaj"},{"vulnerability":"VCID-4dpp-gg2v-q3et"},{"vulnerability":"VCID-56ze-2yw2-bfh8"},{"vulnerability":"VCID-5c5c-m7ba-kqct"},{"vulnerability":"VCID-7v89-2sss-hfaz"},{"vulnerability":"VCID-9nk8-dban-g7h9"},{"vulnerability":"VCID-a3s2-c4k2-4ufn"},{"vulnerability":"VCID-a4u4-ga84-wyf9"},{"vulnerability":"VCID-a7ss-tkb6-gkge"},{"vulnerability":"VCID-ah3h-t9qa-gudr"},{"vulnerability":"VCID-ard5-3cjv-1beu"},{"vulnerability":"VCID-asm8-guag-b3ep"},{"vulnerability":"VCID-avmn-kqky-83dd"},{"vulnerability":"VCID-ay6b-1a7z-qkas"},{"vulnerability":"VCID-bq2j-t19h-zyad"},{"vulnerability":"VCID-dav9-pgdh-8yey"},{"vulnerability":"VCID-dyhz-g3nv-yuc3"},{"vulnerability":"VCID-e12q-qavs-qybu"},{"vulnerability":"VCID-e8un-nbkk-cbf9"},{"vulnerability":"VCID-egtv-y9w1-skgr"},{"vulnerability":"VCID-jrhg-3271-tqdy"},{"vulnerability":"VCID-kzrs-mrga-nyej"},{"vulnerability":"VCID-mm13-6dhq-nqfb"},{"vulnerability":"VCID-myja-t33q-q3cv"},{"vulnerability":"VCID-nacy-y1qt-5yhb"},{"vulnerability":"VCID-ng6g-hvc2-bkg4"},{"vulnerability":"VCID-p54u-b18k-jyft"},{"vulnerability":"VCID-pgnc-fq4m-3kaz"},{"vulnerability":"VCID-pmmq-8s2m-h7dp"},{"vulnerability":"VCID-pnme-dc73-efcb"},{"vulnerability":"VCID-qsuc-53pg-zkda"},{"vulnerability":"VCID-rd4g-h1j9-23cb"},{"vulnerability":"VCID-rsc6-y1uv-6bfq"},{"vulnerability":"VCID-t89y-c9hq-9bhk"},{"vulnerability":"VCID-ta99-gcmk-2qc8"},{"vulnerability":"VCID-tpzm-u3qp-akc8"},{"vulnerability":"VCID-w4ks-ufnz-vfav"},{"vulnerability":"VCID-wapd-e3mu-sffn"},{"vulnerability":"VCID-wsv7-je8g-sqet"},{"vulnerability":"VCID-wszp-2es5-z7fy"},{"vulnerability":"VCID-x34m-u169-1bce"},{"vulnerability":"VCID-y1nb-prqc-suaj"},{"vulnerability":"VCID-yq4q-hydz-vuga"},{"vulnerability":"VCID-yygb-pp11-5udj"},{"vulnerability":"VCID-zqer-y4s4-hqhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0"}],"aliases":["CVE-2016-3169"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mscp-wvvx-zfh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38084?format=json","vulnerability_id":"VCID-n5n3-p5yy-13d9","summary":"Open redirect via path manipulation\nDrupal might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on an error page, related to path manipulation.","references":[{"reference_url":"https://www.drupal.org/SA-CORE-2016-001","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/SA-CORE-2016-001"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3164","reference_id":"CVE-2016-3164","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3164"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52631?format=json","purl":"pkg:composer/drupal/core@8.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.4"}],"aliases":["CVE-2016-3164"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n5n3-p5yy-13d9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4307?format=json","vulnerability_id":"VCID-pmmq-8s2m-h7dp","summary":"arbitrary code execution","references":[{"reference_url":"https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600","reference_id":"","reference_type":"","scores":[],"url":"https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600"},{"reference_url":"https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714","reference_id":"","reference_type":"","scores":[],"url":"https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/drupal/core"},{"reference_url":"https://greysec.net/showthread.php?tid=2912&pid=10561","reference_id":"","reference_type":"","scores":[],"url":"https://greysec.net/showthread.php?tid=2912&pid=10561"},{"reference_url":"https://groups.drupal.org/security/faq-2018-002","reference_id":"","reference_type":"","scores":[],"url":"https://groups.drupal.org/security/faq-2018-002"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html"},{"reference_url":"https://research.checkpoint.com/uncovering-drupalgeddon-2","reference_id":"","reference_type":"","scores":[],"url":"https://research.checkpoint.com/uncovering-drupalgeddon-2"},{"reference_url":"https://twitter.com/arancaytar/status/979090719003627521","reference_id":"","reference_type":"","scores":[],"url":"https://twitter.com/arancaytar/status/979090719003627521"},{"reference_url":"https://twitter.com/RicterZ/status/979567469726613504","reference_id":"","reference_type":"","scores":[],"url":"https://twitter.com/RicterZ/status/979567469726613504"},{"reference_url":"https://twitter.com/RicterZ/status/984495201354854401","reference_id":"","reference_type":"","scores":[],"url":"https://twitter.com/RicterZ/status/984495201354854401"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600","reference_id":"","reference_type":"","scores":[],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600"},{"reference_url":"https://www.debian.org/security/2018/dsa-4156","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4156"},{"reference_url":"https://www.drupal.org/sa-core-2018-002","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2018-002"},{"reference_url":"https://www.exploit-db.com/exploits/44448","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/44448"},{"reference_url":"https://www.exploit-db.com/exploits/44449","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/44449"},{"reference_url":"https://www.exploit-db.com/exploits/44482","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/44482"},{"reference_url":"https://www.synology.com/support/security/Synology_SA_18_17","reference_id":"","reference_type":"","scores":[],"url":"https://www.synology.com/support/security/Synology_SA_18_17"},{"reference_url":"https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know","reference_id":"","reference_type":"","scores":[],"url":"https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know"},{"reference_url":"https://security.archlinux.org/ASA-201804-1","reference_id":"ASA-201804-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-1"},{"reference_url":"https://security.archlinux.org/AVG-665","reference_id":"AVG-665","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-665"},{"reference_url":"https://github.com/a2u/CVE-2018-7600","reference_id":"CVE-2018-7600","reference_type":"","scores":[],"url":"https://github.com/a2u/CVE-2018-7600"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7600","reference_id":"CVE-2018-7600","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7600"},{"reference_url":"https://github.com/g0rx/CVE-2018-7600-Drupal-RCE","reference_id":"CVE-2018-7600-DRUPAL-RCE","reference_type":"","scores":[],"url":"https://github.com/g0rx/CVE-2018-7600-Drupal-RCE"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7600.yaml","reference_id":"CVE-2018-7600.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7600.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7600.yaml","reference_id":"CVE-2018-7600.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7600.yaml"},{"reference_url":"https://github.com/advisories/GHSA-7fh9-933g-885p","reference_id":"GHSA-7fh9-933g-885p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7fh9-933g-885p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63075?format=json","purl":"pkg:composer/drupal/core@7.58.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.58.0"},{"url":"http://public2.vulnerablecode.io/api/packages/63076?format=json","purl":"pkg:composer/drupal/core@8.3.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.9"},{"url":"http://public2.vulnerablecode.io/api/packages/63077?format=json","purl":"pkg:composer/drupal/core@8.4.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/63078?format=json","purl":"pkg:composer/drupal/core@8.5.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.1"}],"aliases":["CVE-2018-7600","GHSA-7fh9-933g-885p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pmmq-8s2m-h7dp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40375?format=json","vulnerability_id":"VCID-qsuc-53pg-zkda","summary":"Code Injection\nInjection in `DefaultMailSystem::mail()`.","references":[{"reference_url":"https://www.drupal.org/sa-core-2018-006","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2018-006"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56782?format=json","purl":"pkg:composer/drupal/core@8.6.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2"}],"aliases":["GMS-2018-55"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qsuc-53pg-zkda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3853?format=json","vulnerability_id":"VCID-tpzm-u3qp-akc8","summary":"multiple issues","references":[{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/drupal/core"},{"reference_url":"https://www.drupal.org/sa-core-2021-002","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2021-002"},{"reference_url":"https://security.archlinux.org/AVG-1463","reference_id":"AVG-1463","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1463"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13672","reference_id":"CVE-2020-13672","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13672"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml","reference_id":"CVE-2020-13672.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml","reference_id":"CVE-2020-13672.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml"},{"reference_url":"https://github.com/advisories/GHSA-3m36-mjwj-352c","reference_id":"GHSA-3m36-mjwj-352c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3m36-mjwj-352c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60654?format=json","purl":"pkg:composer/drupal/core@7.80.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.80.0"},{"url":"http://public2.vulnerablecode.io/api/packages/60655?format=json","purl":"pkg:composer/drupal/core@8.9.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.14"},{"url":"http://public2.vulnerablecode.io/api/packages/60656?format=json","purl":"pkg:composer/drupal/core@9.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/60657?format=json","purl":"pkg:composer/drupal/core@9.1.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.7"}],"aliases":["CVE-2020-13672","GHSA-3m36-mjwj-352c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tpzm-u3qp-akc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41563?format=json","vulnerability_id":"VCID-wsv7-je8g-sqet","summary":"Drupal core Unrestricted Upload of File with Dangerous Type\nDrupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.","references":[{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/drupal/core"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671","reference_id":"","reference_type":"","scores":[],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671"},{"reference_url":"https://www.drupal.org/sa-core-2020-012","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2020-012"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13671","reference_id":"CVE-2020-13671","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13671"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml","reference_id":"CVE-2020-13671.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml","reference_id":"CVE-2020-13671.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml"},{"reference_url":"https://github.com/advisories/GHSA-68jc-v27h-vhmw","reference_id":"GHSA-68jc-v27h-vhmw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-68jc-v27h-vhmw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59270?format=json","purl":"pkg:composer/drupal/core@7.74.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.74.0"},{"url":"http://public2.vulnerablecode.io/api/packages/59269?format=json","purl":"pkg:composer/drupal/core@8.8.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/59268?format=json","purl":"pkg:composer/drupal/core@8.9.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.9"},{"url":"http://public2.vulnerablecode.io/api/packages/59267?format=json","purl":"pkg:composer/drupal/core@9.0.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.8"}],"aliases":["CVE-2020-13671","GHSA-68jc-v27h-vhmw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wsv7-je8g-sqet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40969?format=json","vulnerability_id":"VCID-wszp-2es5-z7fy","summary":"Moderately critical - Third-party libraries - SA-CORE-2019-007\nThe `PharStreamWrapper` (aka `phar-stream-wrapper`) package does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a `phar:///path/bad.phar/../good.phar` URL.","references":[{"reference_url":"https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1"},{"reference_url":"https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/"},{"reference_url":"https://seclists.org/bugtraq/2019/May/36","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/May/36"},{"reference_url":"https://typo3.org/security/advisory/typo3-psa-2019-007/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-psa-2019-007/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4445","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4445"},{"reference_url":"https://www.drupal.org/sa-core-2019-007","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2019-007"},{"reference_url":"https://www.drupal.org/SA-CORE-2019-007","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/SA-CORE-2019-007"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_19_22","reference_id":"","reference_type":"","scores":[],"url":"https://www.synology.com/security/advisory/Synology_SA_19_22"},{"reference_url":"http://www.securityfocus.com/bid/108302","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/108302"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11831","reference_id":"CVE-2019-11831","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11831"},{"reference_url":"https://github.com/advisories/GHSA-xv7v-rf6g-xwrc","reference_id":"GHSA-xv7v-rf6g-xwrc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xv7v-rf6g-xwrc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57979?format=json","purl":"pkg:composer/drupal/core@8.6.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.16"},{"url":"http://public2.vulnerablecode.io/api/packages/57980?format=json","purl":"pkg:composer/drupal/core@8.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.1"}],"aliases":["CVE-2019-11831","GHSA-xv7v-rf6g-xwrc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wszp-2es5-z7fy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40621?format=json","vulnerability_id":"VCID-x34m-u169-1bce","summary":"Improper Input Validation\nA remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted `phar://` URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.","references":[{"reference_url":"https://www.drupal.org/sa-core-2019-002","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2019-002"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57349?format=json","purl":"pkg:composer/drupal/core@8.6.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.6"}],"aliases":["CVE-2019-6339"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x34m-u169-1bce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40351?format=json","vulnerability_id":"VCID-yygb-pp11-5udj","summary":"URL Redirection to Untrusted Site ('Open Redirect')\nExternal URL injection through URL aliases in drupal.","references":[{"reference_url":"https://www.drupal.org/sa-core-2018-006","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2018-006"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56782?format=json","purl":"pkg:composer/drupal/core@8.6.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2"}],"aliases":["GMS-2018-53"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yygb-pp11-5udj"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.0.0"}