VulnerableCode Package Details - pkg:composer/drupal/drupal@11.0.8

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-35c9-bezd-w7ft	Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Artbitrary File Deletion. It is not directly exploitable. This issue is mitigated by the fact that in order to be exploitable, a separate vulnerability must be present that allows an attacker to pass unsafe input to `unserialize()`. There are no such known exploits in Drupal core. To help protect against this vulnerability, types have been added to properties in some of Drupal core's classes. If an application extends those classes, the same types may need to be specified on the subclass to avoid a `TypeError`. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.	CVE-2024-55636 GHSA-938f-5r4f-h65v
VCID-nzut-ru5h-7ydr	Drupal core Access bypass Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.	CVE-2024-55634 GHSA-7cwc-fjqm-8vh8
VCID-rp9d-qhfh-nkdg	Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable. This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to `unserialize()`. There are no such known exploits in Drupal core. To help protect against this potential vulnerability, types have been added to properties in some of Drupal core's classes. If an application extends those classes, the same types may need to be specified on the subclass to avoid a `TypeError`. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.	CVE-2024-55637 GHSA-w6rx-9g2x-mg5g
VCID-yhf1-94ds-cbgk	Drupal Core Cross-Site Scripting (XSS) Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized. This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.	CVE-2024-12393 GHSA-8mvq-8h2v-j9vf

Vulnerability

Summary

Aliases

VCID-35c9-bezd-w7ft

Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Artbitrary File Deletion. It is not directly exploitable. This issue is mitigated by the fact that in order to be exploitable, a separate vulnerability must be present that allows an attacker to pass unsafe input to `unserialize()`. There are no such known exploits in Drupal core. To help protect against this vulnerability, types have been added to properties in some of Drupal core's classes. If an application extends those classes, the same types may need to be specified on the subclass to avoid a `TypeError`. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

CVE-2024-55636
GHSA-938f-5r4f-h65v

VCID-nzut-ru5h-7ydr

Drupal core Access bypass Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

CVE-2024-55634
GHSA-7cwc-fjqm-8vh8

VCID-rp9d-qhfh-nkdg

Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable. This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to `unserialize()`. There are no such known exploits in Drupal core. To help protect against this potential vulnerability, types have been added to properties in some of Drupal core's classes. If an application extends those classes, the same types may need to be specified on the subclass to avoid a `TypeError`. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

CVE-2024-55637
GHSA-w6rx-9g2x-mg5g

VCID-yhf1-94ds-cbgk

Drupal Core Cross-Site Scripting (XSS) Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized. This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

CVE-2024-12393
GHSA-8mvq-8h2v-j9vf

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T17:13:36.741102+00:00	GitLab Importer	Fixing	VCID-yhf1-94ds-cbgk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2024-12393.yml	36.1.3
2025-06-20T17:13:36.114758+00:00	GitLab Importer	Fixing	VCID-nzut-ru5h-7ydr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2024-55634.yml	36.1.3
2025-06-20T17:13:35.222293+00:00	GitLab Importer	Fixing	VCID-rp9d-qhfh-nkdg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2024-55637.yml	36.1.3
2025-06-20T17:13:33.938041+00:00	GitLab Importer	Fixing	VCID-35c9-bezd-w7ft	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2024-55636.yml	36.1.3
2025-06-05T14:56:40.584008+00:00	GithubOSV Importer	Fixing	VCID-yhf1-94ds-cbgk	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-8mvq-8h2v-j9vf/GHSA-8mvq-8h2v-j9vf.json	36.1.0
2025-06-05T14:56:40.423973+00:00	GithubOSV Importer	Fixing	VCID-rp9d-qhfh-nkdg	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-w6rx-9g2x-mg5g/GHSA-w6rx-9g2x-mg5g.json	36.1.0
2025-06-05T14:56:40.264251+00:00	GithubOSV Importer	Fixing	VCID-35c9-bezd-w7ft	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-938f-5r4f-h65v/GHSA-938f-5r4f-h65v.json	36.1.0
2025-06-04T07:54:32.213781+00:00	GHSA Importer	Fixing	VCID-35c9-bezd-w7ft	https://github.com/advisories/GHSA-938f-5r4f-h65v	36.1.0
2025-06-04T07:54:31.945979+00:00	GHSA Importer	Fixing	VCID-rp9d-qhfh-nkdg	https://github.com/advisories/GHSA-w6rx-9g2x-mg5g	36.1.0
2025-06-03T23:49:09.155744+00:00	GitLab Importer	Fixing	VCID-yhf1-94ds-cbgk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2024-12393.yml	36.1.0
2025-06-03T23:49:08.579697+00:00	GitLab Importer	Fixing	VCID-nzut-ru5h-7ydr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2024-55634.yml	36.1.0
2025-06-03T23:49:07.745016+00:00	GitLab Importer	Fixing	VCID-rp9d-qhfh-nkdg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2024-55637.yml	36.1.0
2025-06-03T23:49:07.108570+00:00	GitLab Importer	Fixing	VCID-35c9-bezd-w7ft	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2024-55636.yml	36.1.0
2025-06-02T23:47:52.762939+00:00	GitLab Importer	Fixing	VCID-yhf1-94ds-cbgk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2024-12393.yml	36.1.2
2025-06-02T23:47:52.146547+00:00	GitLab Importer	Fixing	VCID-nzut-ru5h-7ydr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2024-55634.yml	36.1.2
2025-06-02T23:47:51.205111+00:00	GitLab Importer	Fixing	VCID-rp9d-qhfh-nkdg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2024-55637.yml	36.1.2
2025-06-02T23:47:50.576197+00:00	GitLab Importer	Fixing	VCID-35c9-bezd-w7ft	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2024-55636.yml	36.1.2
2025-04-03T22:36:00.828479+00:00	GitLab Importer	Fixing	VCID-yhf1-94ds-cbgk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2024-12393.yml	36.0.0
2025-04-03T22:35:59.386778+00:00	GitLab Importer	Fixing	VCID-nzut-ru5h-7ydr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2024-55634.yml	36.0.0
2025-04-03T22:35:57.248076+00:00	GitLab Importer	Fixing	VCID-rp9d-qhfh-nkdg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2024-55637.yml	36.0.0
2025-04-03T22:35:55.732086+00:00	GitLab Importer	Fixing	VCID-35c9-bezd-w7ft	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2024-55636.yml	36.0.0
2025-01-16T23:29:01.983149+00:00	GitLab Importer	Fixing	VCID-rp9d-qhfh-nkdg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2024-55637.yml	35.1.0
2025-01-16T23:29:01.717934+00:00	GitLab Importer	Fixing	VCID-35c9-bezd-w7ft	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2024-55636.yml	35.1.0
2025-01-16T23:29:01.283314+00:00	GitLab Importer	Fixing	VCID-nzut-ru5h-7ydr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2024-55634.yml	35.1.0
2025-01-16T23:28:54.887856+00:00	GitLab Importer	Fixing	VCID-yhf1-94ds-cbgk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2024-12393.yml	35.1.0
2024-12-13T09:05:21.369649+00:00	GHSA Importer	Fixing	VCID-rp9d-qhfh-nkdg	https://github.com/advisories/GHSA-w6rx-9g2x-mg5g	35.0.0
2024-12-13T09:05:15.848789+00:00	GHSA Importer	Fixing	VCID-35c9-bezd-w7ft	https://github.com/advisories/GHSA-938f-5r4f-h65v	35.0.0
2024-12-13T09:05:11.954112+00:00	GHSA Importer	Fixing	VCID-nzut-ru5h-7ydr	https://github.com/advisories/GHSA-7cwc-fjqm-8vh8	35.0.0
2024-12-13T09:04:26.812954+00:00	GHSA Importer	Fixing	VCID-yhf1-94ds-cbgk	https://github.com/advisories/GHSA-8mvq-8h2v-j9vf	35.0.0
2024-12-11T16:39:22.536998+00:00	GithubOSV Importer	Fixing	VCID-yhf1-94ds-cbgk	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-8mvq-8h2v-j9vf/GHSA-8mvq-8h2v-j9vf.json	35.0.0
2024-12-11T16:39:09.112646+00:00	GithubOSV Importer	Fixing	VCID-rp9d-qhfh-nkdg	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-w6rx-9g2x-mg5g/GHSA-w6rx-9g2x-mg5g.json	35.0.0
2024-12-11T16:37:26.952818+00:00	GithubOSV Importer	Fixing	VCID-nzut-ru5h-7ydr	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-7cwc-fjqm-8vh8/GHSA-7cwc-fjqm-8vh8.json	35.0.0
2024-12-11T16:34:34.350797+00:00	GithubOSV Importer	Fixing	VCID-35c9-bezd-w7ft	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-938f-5r4f-h65v/GHSA-938f-5r4f-h65v.json	35.0.0