CVE-2022-25271

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-25271

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25271.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-25271

Aliases

Downstream

DLA-2925-1

UBUNTU-CVE-2022-25271

Published

2022-02-16T00:00:00Z

Modified

2026-05-18T05:53:21.121953352Z

Summary

[none]

Details

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "9.3.x"
                },
                {
                    "fixed": "9.3.6"
                },
                {
                    "introduced": "9.2.x"
                },
                {
                    "fixed": "9.2.13"
                },
                {
                    "introduced": "7.x"
                },
                {
                    "fixed": "7.88"
                }
            ]
        }
    ],
    "cna_assigner": "drupal",
    "cwe_ids": [
        "CWE-20"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/25xxx/CVE-2022-25271.json"
}

References

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type

GIT

Repo

https://github.com/drupal/drupal

Events

Introduced

Fixed

619a1f0e33d7dc694840d01374bd2d1660eabb8d

Introduced

943ecef3c0bc9822338252a7df6419aeb9253c9d

Fixed

7c620f0d179eee168b27509f3902f99e9fa52703

Introduced

698ee686c23de8c97d7e0601cf745b220d54f4e1

Fixed

e205f31c36c6db950f50d473cfd24ad22ac98ae1

Database specific

{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.88"
        },
        {
            "introduced": "9.2.0"
        },
        {
            "fixed": "9.2.13"
        },
        {
            "introduced": "9.3.0"
        },
        {
            "fixed": "9.3.6"
        }
    ],
    "cpe": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"
}

Affected versions

1.*

1.0

2.*

2.0

3.*

3.0.1

5.*

5.0-beta-1

5.0-beta-2

5.0-rc-1

5.0-rc-2

6.*

6.0-beta-1

6.0-beta-2

6.0-beta-3

6.0-beta-4

6.0-rc-1

6.0-rc-2

6.0-rc-3

7.*

7.0

7.0-alpha1

7.0-alpha2

7.0-alpha3

7.0-alpha4

7.0-alpha5

7.0-alpha6

7.0-alpha7

7.0-beta1

7.0-beta2

7.0-beta3

7.0-rc-1

7.0-rc-2

7.0-rc-3

7.0-rc-4

7.0-unstable-1

7.0-unstable-10

7.0-unstable-2

7.0-unstable-3

7.0-unstable-4

7.0-unstable-5

7.0-unstable-6

7.0-unstable-7

7.10

7.12

7.14

7.15

7.17

7.22

7.23

7.25

7.28

7.30

7.33

7.36

7.37

7.4

7.40

7.42

7.43

7.50

7.51

7.54

7.55

7.56

7.6

7.61

7.64

7.68

7.7

7.71

7.76

7.77

7.79

7.8

7.81

7.83

7.84

7.85

7.87

7.9

9.*

9.2.0

9.2.1

9.2.10

9.2.11

9.2.12

9.2.3

9.2.5

9.2.7

9.2.8

9.3.0

9.3.2

9.3.4

9.3.5

Other

start

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25271.json"