DRUPAL-CORE-2024-003

See a problem?

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/core/DRUPAL-CORE-2024-003.json

JSON Data

https://api.test.osv.dev/v1/vulns/DRUPAL-CORE-2024-003

Aliases

Published

2024-11-20T17:20:16Z

Modified

2025-12-02T23:13:20.690522Z

Summary

[none]

Details

Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized.

References

https://www.drupal.org/sa-core-2024-003

Credits

- Jay Beaton
- - https://www.drupal.org/user/352123

Affected packages

Packagist / drupal/core

Package

Name: drupal/core
Purl: pkg:composer/drupal/core

Affected ranges

Type

ECOSYSTEM

Events

Introduced

8.8.0

Fixed

10.2.11

Database specific

{
    "constraint": ">= 8.8.0 < 10.2.11"
}

Type

ECOSYSTEM

Events

Introduced

10.3.0

Fixed

10.3.9

Database specific

{
    "constraint": ">= 10.3.0 < 10.3.9"
}

Type

ECOSYSTEM

Events

Introduced

11.0.0

Fixed

11.0.8

Database specific

{
    "constraint": ">= 11.0.0 < 11.0.8"
}

Affected versions

8.*

8.8.0

8.8.1

8.8.2

8.8.3

8.8.4

8.8.5

8.8.6

8.8.7

8.8.8

8.8.9

8.8.10

8.8.11

8.8.12

8.9.0-beta1

8.9.0-beta2

8.9.0-beta3

8.9.0-rc1

8.9.0

8.9.1

8.9.2

8.9.3

8.9.4

8.9.5

8.9.6

8.9.7

8.9.8

8.9.9

8.9.10

8.9.11

8.9.12

8.9.13

8.9.14

8.9.15

8.9.16

8.9.17

8.9.18

8.9.19

8.9.20

9.*

9.0.0-alpha1

9.0.0-alpha2

9.0.0-beta1

9.0.0-beta2

9.0.0-beta3

9.0.0-rc1

9.0.0

9.0.1

9.0.2

9.0.3

9.0.4

9.0.5

9.0.6

9.0.7

9.0.8

9.0.9

9.0.10

9.0.11

9.0.12

9.0.13

9.0.14

9.1.0-alpha1

9.1.0-beta1

9.1.0-rc1

9.1.0-rc2

9.1.0-rc3

9.1.0

9.1.1

9.1.2

9.1.3

9.1.4

9.1.5

9.1.6

9.1.7

9.1.8

9.1.9

9.1.10

9.1.11

9.1.12

9.1.13

9.1.14

9.1.15

9.2.0-alpha1

9.2.0-beta1

9.2.0-beta2

9.2.0-beta3

9.2.0-rc1

9.2.0

9.2.1

9.2.2

9.2.3

9.2.4

9.2.5

9.2.6

9.2.7

9.2.8

9.2.9

9.2.10

9.2.11

9.2.12

9.2.13

9.2.14

9.2.15

9.2.16

9.2.17

9.2.18

9.2.19

9.2.20

9.2.21

9.3.0-alpha1

9.3.0-beta1

9.3.0-beta2

9.3.0-beta3

9.3.0-rc1

9.3.0

9.3.1

9.3.2

9.3.3

9.3.4

9.3.5

9.3.6

9.3.7

9.3.8

9.3.9

9.3.10

9.3.11

9.3.12

9.3.13

9.3.14

9.3.15

9.3.16

9.3.17

9.3.18

9.3.19

9.3.20

9.3.21

9.3.22

9.4.0-alpha1

9.4.0-beta1

9.4.0-rc1

9.4.0-rc2

9.4.0

9.4.1

9.4.2

9.4.3

9.4.4

9.4.5

9.4.6

9.4.7

9.4.8

9.4.9

9.4.10

9.4.11

9.4.12

9.4.13

9.4.14

9.4.15

9.5.0-beta1

9.5.0-beta2

9.5.0-rc1

9.5.0-rc2

9.5.0

9.5.1

9.5.2

9.5.3

9.5.4

9.5.5

9.5.6

9.5.7

9.5.8

9.5.9

9.5.10

9.5.11

10.*

10.0.0-alpha1

10.0.0-alpha2

10.0.0-alpha3

10.0.0-alpha4

10.0.0-alpha5

10.0.0-alpha6

10.0.0-alpha7

10.0.0-beta1

10.0.0-beta2

10.0.0-rc1

10.0.0-rc2

10.0.0-rc3

10.0.0

10.0.1

10.0.2

10.0.3

10.0.4

10.0.5

10.0.6

10.0.7

10.0.8

10.0.9

10.0.10

10.0.11

10.1.0-alpha1

10.1.0-beta1

10.1.0-rc1

10.1.0

10.1.1

10.1.2

10.1.3

10.1.4

10.1.5

10.1.6

10.1.7

10.1.8

10.2.0-alpha1

10.2.0-beta1

10.2.0-rc1

10.2.0

10.2.1

10.2.2

10.2.3

10.2.4

10.2.5

10.2.6

10.2.7

10.2.8

10.2.9

10.2.10

10.3.0

10.3.1

10.3.2

10.3.3

10.3.4

10.3.5

10.3.6

10.3.7

10.3.8

11.*

11.0.0

11.0.1

11.0.2

11.0.3

11.0.4

11.0.5

11.0.6

11.0.7

Database specific

affected_versions

">= 8.8.0 < 10.2.11 || >= 10.3.0 < 10.3.9 || >= 11.0.0 < 11.0.8"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/core/DRUPAL-CORE-2024-003.json"