GHSA-52jr-x6h6-xj6g
Suggest an improvement- Source
- https://github.com/advisories/GHSA-52jr-x6h6-xj6g
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-52jr-x6h6-xj6g/GHSA-52jr-x6h6-xj6g.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-52jr-x6h6-xj6g
- Aliases
-
- CVE-2024-11942
- Published
- 2024-12-05T15:31:02Z
- Modified
- 2024-12-05T20:12:05.541260Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Drupal core vulnerable to improper error handling
- Details
-
Under certain uncommon site configurations, a bug in the CKEditor 5 module can cause some image uploads to move the entire webroot to a different location on the file system. This could be exploited by a malicious user to take down a site.
The issue is mitigated by the fact that several non-default site configurations must exist simultaneously for this to occur.
- Database specific
{ "nvd_published_at": "2024-12-05T15:15:08Z", "cwe_ids": [ "CWE-390" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-12-05T19:58:23Z" }- References
Affected packages
Packagist / drupal/core
Package
- Name
- drupal/core
- Purl
- pkg:composer/drupal/core
Affected versions
10.*
10.0.0
10.0.1
10.0.2
10.0.3
10.0.4
10.0.5
10.0.6
10.0.7
10.0.8
10.0.9
10.0.10
10.0.11
10.1.0-alpha1
10.1.0-beta1
10.1.0-rc1
10.1.0
10.1.1
10.1.2
10.1.3
10.1.4
10.1.5
10.1.6
10.1.7
10.1.8
10.2.0-alpha1
10.2.0-beta1
10.2.0-rc1
10.2.0
10.2.1
10.2.2
10.2.3
10.2.4
10.2.5
10.2.6
10.2.7
10.2.8
10.2.9