VulnerableCode Package Details - pkg:composer/drupal/core@10.1.4

Search for packages

Package details: pkg:composer/drupal/core@10.1.4

Essentials
History (1)

purl	pkg:composer/drupal/core@10.1.4

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-d93g-rc39-8fc2	Cache poisoning in drupal/core In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API. The core REST and contributed GraphQL modules are not affected.	CVE-2023-5256 GHSA-rjqg-3h9m-fx5x

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-01T12:14:02.127324+00:00	GithubOSV Importer	Fixing	VCID-d93g-rc39-8fc2	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-rjqg-3h9m-fx5x/GHSA-rjqg-3h9m-fx5x.json	36.1.3