GHSA-xq54-x54m-vcpx

Source

https://github.com/advisories/GHSA-xq54-x54m-vcpx

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-xq54-x54m-vcpx/GHSA-xq54-x54m-vcpx.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-xq54-x54m-vcpx

Aliases

CVE-2024-11941

Published

2024-12-05T15:31:02Z

Modified

2024-12-05T20:27:07.583327Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Drupal core Denial of Service

Details

The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS).

Sites that do not use the Comment module are not affected.

Database specific

{
    "nvd_published_at": "2024-12-05T15:15:08Z",
    "cwe_ids": [
        "CWE-835"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-12-05T19:58:07Z"
}

References

Affected packages

Packagist / drupal/core

Package

Name: drupal/core
Purl: pkg:composer/drupal/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

10.1.0

Fixed

10.1.8

Affected versions

10.*

10.1.0

10.1.1

10.1.2

10.1.3

10.1.4

10.1.5

10.1.6

10.1.7

Packagist / drupal/core

Package

Name: drupal/core
Purl: pkg:composer/drupal/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

10.2.0

Fixed

10.2.2

Affected versions

10.*

10.2.0

10.2.1