BIT-drupal-2022-25271

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/drupal/BIT-drupal-2022-25271.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-drupal-2022-25271

Aliases

Published

2024-03-06T10:53:39.007Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.

Database specific

{
    "cpes": [
        "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

Affected packages

Bitnami / drupal

Package

Name: drupal
Purl: pkg:bitnami/drupal

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

7.0.0

Fixed

7.88.0

Introduced

9.2.0

Fixed

9.2.13

Introduced

9.3.0

Fixed

9.3.6