{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5230?format=json","vulnerability_id":"VCID-7v89-2sss-hfaz","summary":"multiple issues","aliases":[{"alias":"CVE-2020-13674"},{"alias":"GHSA-j586-cj67-vg4p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2217?format=json","purl":"pkg:alpm/archlinux/drupal@9.2.6-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6xfu-dm97-nkg4"},{"vulnerability":"VCID-cbgv-19kg-z7a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.6-1"},{"url":"http://public2.vulnerablecode.io/api/packages/60653?format=json","purl":"pkg:composer/drupal/core@8.9.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19"},{"url":"http://public2.vulnerablecode.io/api/packages/60639?format=json","purl":"pkg:composer/drupal/core@9.1.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13"},{"url":"http://public2.vulnerablecode.io/api/packages/60640?format=json","purl":"pkg:composer/drupal/core@9.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2216?format=json","purl":"pkg:alpm/archlinux/drupal@9.2.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fas-m6vh-myhc"},{"vulnerability":"VCID-2t34-82p3-73c3"},{"vulnerability":"VCID-7v89-2sss-hfaz"},{"vulnerability":"VCID-dav9-pgdh-8yey"},{"vulnerability":"VCID-dxtv-3ta3-n7fy"},{"vulnerability":"VCID-gr4h-rkhw-wbac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/52630?format=json","purl":"pkg:composer/drupal/core@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2989-fmjz-nkby"},{"vulnerability":"VCID-2c5f-q858-huaw"},{"vulnerability":"VCID-2fas-m6vh-myhc"},{"vulnerability":"VCID-2t34-82p3-73c3"},{"vulnerability":"VCID-31qy-vagp-83b6"},{"vulnerability":"VCID-3pj1-y73r-vyhh"},{"vulnerability":"VCID-3xk4-qwaq-5yaj"},{"vulnerability":"VCID-4dpp-gg2v-q3et"},{"vulnerability":"VCID-4p4c-7rdc-37fa"},{"vulnerability":"VCID-4pg6-hqge-wkcb"},{"vulnerability":"VCID-4q59-j6u4-qfhk"},{"vulnerability":"VCID-56ze-2yw2-bfh8"},{"vulnerability":"VCID-5c5c-m7ba-kqct"},{"vulnerability":"VCID-5jy9-mhbb-nuh7"},{"vulnerability":"VCID-67w7-gq9f-ukf1"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-6s93-1cpz-yyg8"},{"vulnerability":"VCID-7bq1-m8df-k3ba"},{"vulnerability":"VCID-7ear-x9pf-yubc"},{"vulnerability":"VCID-7n7v-41m4-97gk"},{"vulnerability":"VCID-7v89-2sss-hfaz"},{"vulnerability":"VCID-8qd6-8ckc-h3g5"},{"vulnerability":"VCID-9nk8-dban-g7h9"},{"vulnerability":"VCID-a3s2-c4k2-4ufn"},{"vulnerability":"VCID-a4u4-ga84-wyf9"},{"vulnerability":"VCID-a7ss-tkb6-gkge"},{"vulnerability":"VCID-ah3h-t9qa-gudr"},{"vulnerability":"VCID-ard5-3cjv-1beu"},{"vulnerability":"VCID-asm8-guag-b3ep"},{"vulnerability":"VCID-avmn-kqky-83dd"},{"vulnerability":"VCID-ay6b-1a7z-qkas"},{"vulnerability":"VCID-b8fw-ya7y-h7d8"},{"vulnerability":"VCID-bq2j-t19h-zyad"},{"vulnerability":"VCID-ckvk-xm4a-2qey"},{"vulnerability":"VCID-dav9-pgdh-8yey"},{"vulnerability":"VCID-deks-ns51-nbdg"},{"vulnerability":"VCID-dhwb-tvs2-vkht"},{"vulnerability":"VCID-dyhz-g3nv-yuc3"},{"vulnerability":"VCID-e12q-qavs-qybu"},{"vulnerability":"VCID-e8un-nbkk-cbf9"},{"vulnerability":"VCID-edfu-7ege-hkf5"},{"vulnerability":"VCID-egtv-y9w1-skgr"},{"vulnerability":"VCID-es39-uyu2-myap"},{"vulnerability":"VCID-hay8-hvsq-33bm"},{"vulnerability":"VCID-j7bj-atys-qfg3"},{"vulnerability":"VCID-jb63-xjup-1khv"},{"vulnerability":"VCID-jrhg-3271-tqdy"},{"vulnerability":"VCID-ks17-b29e-73au"},{"vulnerability":"VCID-kzrs-mrga-nyej"},{"vulnerability":"VCID-mm13-6dhq-nqfb"},{"vulnerability":"VCID-myja-t33q-q3cv"},{"vulnerability":"VCID-n5n3-p5yy-13d9"},{"vulnerability":"VCID-nacy-y1qt-5yhb"},{"vulnerability":"VCID-ng6g-hvc2-bkg4"},{"vulnerability":"VCID-nwdx-mgsc-s3f3"},{"vulnerability":"VCID-p54u-b18k-jyft"},{"vulnerability":"VCID-pgnc-fq4m-3kaz"},{"vulnerability":"VCID-pmmq-8s2m-h7dp"},{"vulnerability":"VCID-pnme-dc73-efcb"},{"vulnerability":"VCID-pzp5-2bpz-jfe2"},{"vulnerability":"VCID-q6zh-decq-bkau"},{"vulnerability":"VCID-qj1a-e46b-b7fs"},{"vulnerability":"VCID-qsuc-53pg-zkda"},{"vulnerability":"VCID-rd4g-h1j9-23cb"},{"vulnerability":"VCID-rsc6-y1uv-6bfq"},{"vulnerability":"VCID-t5ya-jzjf-ckh6"},{"vulnerability":"VCID-t89y-c9hq-9bhk"},{"vulnerability":"VCID-ta99-gcmk-2qc8"},{"vulnerability":"VCID-tbhc-6qre-7kc5"},{"vulnerability":"VCID-tbk2-zprq-27c8"},{"vulnerability":"VCID-tpzm-u3qp-akc8"},{"vulnerability":"VCID-ughj-q27r-yfe2"},{"vulnerability":"VCID-uq9s-79g7-rqh6"},{"vulnerability":"VCID-uvmv-j9kx-jfeq"},{"vulnerability":"VCID-w4ks-ufnz-vfav"},{"vulnerability":"VCID-wapd-e3mu-sffn"},{"vulnerability":"VCID-wgac-uvfw-8ufm"},{"vulnerability":"VCID-wsv7-je8g-sqet"},{"vulnerability":"VCID-wszp-2es5-z7fy"},{"vulnerability":"VCID-x34m-u169-1bce"},{"vulnerability":"VCID-y1nb-prqc-suaj"},{"vulnerability":"VCID-y5mz-1wsc-w3g7"},{"vulnerability":"VCID-yq4q-hydz-vuga"},{"vulnerability":"VCID-yygb-pp11-5udj"},{"vulnerability":"VCID-z2xs-z24v-c3e5"},{"vulnerability":"VCID-zpeb-7dhc-9kcx"},{"vulnerability":"VCID-zqer-y4s4-hqhy"},{"vulnerability":"VCID-zvtm-9bd5-ufgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/60637?format=json","purl":"pkg:composer/drupal/core@9.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fas-m6vh-myhc"},{"vulnerability":"VCID-2t34-82p3-73c3"},{"vulnerability":"VCID-67da-qxh5-aydx"},{"vulnerability":"VCID-7v89-2sss-hfaz"},{"vulnerability":"VCID-dav9-pgdh-8yey"},{"vulnerability":"VCID-pzp5-2bpz-jfe2"},{"vulnerability":"VCID-tpzm-u3qp-akc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/60638?format=json","purl":"pkg:composer/drupal/core@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fas-m6vh-myhc"},{"vulnerability":"VCID-2g67-a42m-qfbh"},{"vulnerability":"VCID-2t34-82p3-73c3"},{"vulnerability":"VCID-7v89-2sss-hfaz"},{"vulnerability":"VCID-dav9-pgdh-8yey"},{"vulnerability":"VCID-pzp5-2bpz-jfe2"},{"vulnerability":"VCID-ydy1-x277-1fhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.0"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13674","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.3383","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13674"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6"},{"reference_url":"https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c"},{"reference_url":"https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8"},{"reference_url":"https://www.drupal.org/sa-core-2021-007","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2021-007"},{"reference_url":"https://security.archlinux.org/AVG-2407","reference_id":"AVG-2407","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2407"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13674","reference_id":"CVE-2020-13674","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13674"},{"reference_url":"https://github.com/advisories/GHSA-j586-cj67-vg4p","reference_id":"GHSA-j586-cj67-vg4p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j586-cj67-vg4p"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":352,"name":"Cross-Site Request Forgery (CSRF)","description":"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"4.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7v89-2sss-hfaz"}