Search for vulnerabilities
| Vulnerability ID | VCID-mr35-kz6f-y3fg |
| Aliases |
GHSA-jjx7-8462-w4m4
|
| Summary | Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution The Contextual Links module doesn't sufficiently validate the requested contextual links. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access contextual links". |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 9.0 |
| Risk | 4.5 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| cvssv3.1_qr | CRITICAL | https://github.com/advisories/GHSA-jjx7-8462-w4m4 |
| generic_textual | CRITICAL | https://github.com/drupal/drupal |
| generic_textual | CRITICAL | https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-5.yaml |
| generic_textual | CRITICAL | https://www.drupal.org/sa-core-2018-006 |
| Reference id | Reference type | URL |
|---|---|---|
| https://github.com/drupal/drupal | ||
| https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-5.yaml | ||
| https://www.drupal.org/sa-core-2018-006 | ||
| GHSA-jjx7-8462-w4m4 | https://github.com/advisories/GHSA-jjx7-8462-w4m4 |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-31T08:35:40.859845+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-jjx7-8462-w4m4/GHSA-jjx7-8462-w4m4.json | 37.0.0 |