BIT-drupal-2022-25273

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/drupal/BIT-drupal-2022-25273.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-drupal-2022-25273
Aliases
Published
2024-03-06T10:53:28.666Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.

Database specific
{
    "cpes": [
        "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / drupal

Package

Name
drupal
Purl
pkg:bitnami/drupal

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
8.0.0
Fixed
9.2.18
Introduced
9.3.0
Fixed
9.3.12