CVE-2024-55636
- Source
- https://cve.org/CVERecord?id=CVE-2024-55636
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-55636.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-55636
- Aliases
- Downstream
- Published
- 2024-12-09T23:24:27.729Z
- Modified
- 2026-05-18T05:59:03.758490067Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Drupal core - Less critical - Gadget chain - SA-CORE-2024-006
- Details
-
Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
Drupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so called gadget chain presents no direct threat, but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.
- Database specific
{ "cwe_ids": [ "CWE-915" ], "cna_assigner": "drupal", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/55xxx/CVE-2024-55636.json" }- References
Affected packages
Git / git.drupalcode.org/project/drupal
Affected ranges
- Type
- GIT
- Repo
- https://git.drupalcode.org/project/drupal
- Events
-
Introduced35c2f3ca5c935f3d8bde15932a712677c9bbd50fFixed2570b33d6e36d5835119b683af0d6a866593276bIntroduced150df8b6d02131a72a34ec1cb5444c191ae5e407Fixedf2093af42504324a1f55ca1783eab5b8a93afaa0Introduced140f94ff1051644c4416c7ed30cc5dd1f14507b2Fixed3712d59414f556474f990a503c3f7c295f8c719f
- Database specific
{ "extracted_events": [ { "introduced": "8.0.0" }, { "fixed": "10.2.11" }, { "introduced": "10.3.0" }, { "fixed": "10.3.9" }, { "introduced": "11.0.0" }, { "fixed": "11.0.8" } ], "source": "AFFECTED_FIELD" }
Affected versions
10.*
10.0.0-alpha1
10.0.0-alpha3
10.0.0-alpha4
10.0.0-alpha5
10.1.0-alpha1
10.2.0
10.2.0-alpha1
10.2.0-beta1
10.2.0-rc1
10.2.1
10.2.10
10.2.3
10.2.4
10.2.5
10.2.6
10.2.7
10.2.8
10.2.9
10.3.0-beta1
10.3.0-rc1
10.3.1
10.3.2
10.3.3
10.3.4
10.3.5
10.3.6
10.3.7
10.3.8
11.*
11.0.0
11.0.1
11.0.2
11.0.3
11.0.4
11.0.5
11.0.6
11.0.7
8.*
8.0.0
8.1.0-beta1
9.*
9.0.0-alpha1
9.0.0-alpha2
Git / github.com/drupal/drupal
Affected ranges
- Type
- GIT
- Repo
- https://github.com/drupal/drupal
- Events
- Database specific
{ "extracted_events": [ { "introduced": "8.0.0" }, { "fixed": "10.2.11" }, { "introduced": "10.3.0" }, { "fixed": "10.3.9" }, { "introduced": "11.0.0" }, { "fixed": "11.0.8" } ], "source": "CPE_FIELD", "cpe": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*" }
Affected versions
10.*
10.0.0-alpha1
10.0.0-alpha3
10.0.0-alpha4
10.0.0-alpha5
10.1.0-alpha1
10.2.0
10.2.0-alpha1
10.2.0-beta1
10.2.0-rc1
10.2.1
10.2.10
10.2.3
10.2.4
10.2.5
10.2.6
10.2.7
10.2.8
10.2.9
10.3.0-beta1
10.3.0-rc1
10.3.1
10.3.2
10.3.3
10.3.4
10.3.5
10.3.6
10.3.7
10.3.8
11.*
11.0.0
11.0.1
11.0.2
11.0.3
11.0.4
11.0.5
11.0.6
11.0.7
8.*
8.0.0
8.1.0-beta1
9.*
9.0.0-alpha1
9.0.0-alpha2