{"url":"http://public2.vulnerablecode.io/api/packages/758482?format=json","purl":"pkg:composer/drupal/core@11.0.0-alpha1","type":"composer","namespace":"drupal","name":"core","version":"11.0.0-alpha1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"11.1.9","latest_non_vulnerable_version":"11.3.7","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55745?format=json","vulnerability_id":"VCID-4p4c-7rdc-37fa","summary":"Drupal Full Path Disclosure\n`core/authorize.php` in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of `hash_salt` is `file_get_contents` of a file that does not exist.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45440","reference_id":"","reference_type":"","scores":[{"value":"0.86689","scoring_system":"epss","scoring_elements":"0.9944","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45440"},{"reference_url":"https://github.com/drupal/drupal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/drupal"},{"reference_url":"https://github.com/github/advisory-database/pull/4827","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/github/advisory-database/pull/4827"},{"reference_url":"https://www.drupal.org/project/drupal/issues/3457781","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/"}],"url":"https://www.drupal.org/project/drupal/issues/3457781"},{"reference_url":"https://www.drupal.org/project/drupal/releases/10.2.9","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/project/drupal/releases/10.2.9"},{"reference_url":"https://www.drupal.org/project/drupal/releases/10.3.6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/project/drupal/releases/10.3.6"},{"reference_url":"https://www.drupal.org/project/drupal/releases/11.0.5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/project/drupal/releases/11.0.5"},{"reference_url":"https://www.exploit-db.com/exploits/52266","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/52266"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py","reference_id":"CVE-2024-45440","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45440","reference_id":"CVE-2024-45440","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45440"},{"reference_url":"https://senscybersecurity.nl/CVE-2024-45440-Explained/","reference_id":"CVE-2024-45440-Explained","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/"}],"url":"https://senscybersecurity.nl/CVE-2024-45440-Explained/"},{"reference_url":"https://senscybersecurity.nl/CVE-2024-45440-Explained","reference_id":"CVE-2024-45440-EXPLAINED","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://senscybersecurity.nl/CVE-2024-45440-Explained"},{"reference_url":"https://github.com/advisories/GHSA-mg8j-w93w-xjgc","reference_id":"GHSA-mg8j-w93w-xjgc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mg8j-w93w-xjgc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82503?format=json","purl":"pkg:composer/drupal/core@10.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c5f-q858-huaw"},{"vulnerability":"VCID-6x4v-da7x-uyhh"},{"vulnerability":"VCID-a3s2-c4k2-4ufn"},{"vulnerability":"VCID-b266-wste-eqh6"},{"vulnerability":"VCID-b8fw-ya7y-h7d8"},{"vulnerability":"VCID-deks-ns51-nbdg"},{"vulnerability":"VCID-hay8-hvsq-33bm"},{"vulnerability":"VCID-j7bj-atys-qfg3"},{"vulnerability":"VCID-jyz4-ymrp-pka7"},{"vulnerability":"VCID-kzrs-mrga-nyej"},{"vulnerability":"VCID-p54u-b18k-jyft"},{"vulnerability":"VCID-qwge-qrwn-1faj"},{"vulnerability":"VCID-xv4d-ped2-4udz"},{"vulnerability":"VCID-yq4q-hydz-vuga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.9"},{"url":"http://public2.vulnerablecode.io/api/packages/758479?format=json","purl":"pkg:composer/drupal/core@10.3.0-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c5f-q858-huaw"},{"vulnerability":"VCID-a3s2-c4k2-4ufn"},{"vulnerability":"VCID-b8fw-ya7y-h7d8"},{"vulnerability":"VCID-deks-ns51-nbdg"},{"vulnerability":"VCID-hay8-hvsq-33bm"},{"vulnerability":"VCID-kzrs-mrga-nyej"},{"vulnerability":"VCID-p54u-b18k-jyft"},{"vulnerability":"VCID-yq4q-hydz-vuga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.0-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/82501?format=json","purl":"pkg:composer/drupal/core@10.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c5f-q858-huaw"},{"vulnerability":"VCID-6x4v-da7x-uyhh"},{"vulnerability":"VCID-a3s2-c4k2-4ufn"},{"vulnerability":"VCID-b266-wste-eqh6"},{"vulnerability":"VCID-b8fw-ya7y-h7d8"},{"vulnerability":"VCID-deks-ns51-nbdg"},{"vulnerability":"VCID-hay8-hvsq-33bm"},{"vulnerability":"VCID-j7bj-atys-qfg3"},{"vulnerability":"VCID-kzrs-mrga-nyej"},{"vulnerability":"VCID-p54u-b18k-jyft"},{"vulnerability":"VCID-qwge-qrwn-1faj"},{"vulnerability":"VCID-xv4d-ped2-4udz"},{"vulnerability":"VCID-yq4q-hydz-vuga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.6"},{"url":"http://public2.vulnerablecode.io/api/packages/758482?format=json","purl":"pkg:composer/drupal/core@11.0.0-alpha1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.0-alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/82502?format=json","purl":"pkg:composer/drupal/core@11.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c5f-q858-huaw"},{"vulnerability":"VCID-a3s2-c4k2-4ufn"},{"vulnerability":"VCID-b266-wste-eqh6"},{"vulnerability":"VCID-b8fw-ya7y-h7d8"},{"vulnerability":"VCID-deks-ns51-nbdg"},{"vulnerability":"VCID-hay8-hvsq-33bm"},{"vulnerability":"VCID-j7bj-atys-qfg3"},{"vulnerability":"VCID-kzrs-mrga-nyej"},{"vulnerability":"VCID-p54u-b18k-jyft"},{"vulnerability":"VCID-qwge-qrwn-1faj"},{"vulnerability":"VCID-xv4d-ped2-4udz"},{"vulnerability":"VCID-yq4q-hydz-vuga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.5"}],"aliases":["CVE-2024-45440","GHSA-mg8j-w93w-xjgc"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4p4c-7rdc-37fa"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.0-alpha1"}