Search for vulnerabilities
Vulnerability details: VCID-5nbe-p67k-a3af
Vulnerability ID VCID-5nbe-p67k-a3af
Aliases CVE-2024-55634
GHSA-7cwc-fjqm-8vh8
Summary Drupal core Access bypass Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-178 Improper Handling of Case Sensitivity
System Score Found at
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-55634
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-7cwc-fjqm-8vh8
generic_textual MODERATE https://github.com/drupal/core
generic_textual MODERATE https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-55634
generic_textual MODERATE https://www.drupal.org/sa-core-2024-004
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-55634
https://github.com/drupal/core
https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934
https://nvd.nist.gov/vuln/detail/CVE-2024-55634
https://www.drupal.org/sa-core-2024-004
GHSA-7cwc-fjqm-8vh8 https://github.com/advisories/GHSA-7cwc-fjqm-8vh8
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.13441
EPSS Score 0.00045
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:09:42.669978+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-7cwc-fjqm-8vh8/GHSA-7cwc-fjqm-8vh8.json 36.1.3