GHSA-m6q5-wv4x-fv6h

Source

https://github.com/advisories/GHSA-m6q5-wv4x-fv6h

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-m6q5-wv4x-fv6h/GHSA-m6q5-wv4x-fv6h.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-m6q5-wv4x-fv6h

Aliases

Published

2022-02-12T00:00:47Z

Modified

2024-02-06T13:16:12.843705Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Cross-site Scripting in Drupal Core

Details

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.

Database specific

{
    "nvd_published_at": "2022-02-11T16:15:00Z",
    "severity": "MODERATE",
    "github_reviewed_at": "2022-02-25T15:33:47Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Packagist

drupal/core

Package

Name: drupal/core
Purl: pkg:composer/drupal/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.0.0

Fixed

8.8.10

Affected versions

8.*

8.0.0

8.0.1

8.0.2

8.0.3

8.0.4

8.0.5

8.0.6

8.1.0-beta1

8.1.0-beta2

8.1.0-rc1

8.1.0

8.1.1

8.1.2

8.1.3

8.1.4

8.1.5

8.1.6

8.1.7

8.1.8

8.1.9

8.1.10

8.2.0-beta1

8.2.0-beta2

8.2.0-beta3

8.2.0-rc1

8.2.0-rc2

8.2.0

8.2.1

8.2.2

8.2.3

8.2.4

8.2.5

8.2.6

8.2.7

8.2.8

8.3.0-alpha1

8.3.0-beta1

8.3.0-rc1

8.3.0-rc2

8.3.0

8.3.1

8.3.2

8.3.3

8.3.4

8.3.5

8.3.6

8.3.7

8.3.8

8.3.9

8.4.0-alpha1

8.4.0-beta1

8.4.0-rc1

8.4.0-rc2

8.4.0

8.4.1

8.4.2

8.4.3

8.4.4

8.4.5

8.4.6

8.4.7

8.4.8

8.5.0-alpha1

8.5.0-beta1

8.5.0-rc1

8.5.0

8.5.1

8.5.2

8.5.3

8.5.4

8.5.5

8.5.6

8.5.7

8.5.8

8.5.9

8.5.10

8.5.11

8.5.12

8.5.13

8.5.14

8.5.15

8.6.0-alpha1

8.6.0-beta1

8.6.0-beta2

8.6.0-rc1

8.6.0

8.6.1

8.6.2

8.6.3

8.6.4

8.6.5

8.6.6

8.6.7

8.6.8

8.6.9

8.6.10

8.6.11

8.6.12

8.6.13

8.6.14

8.6.15

8.6.16

8.6.17

8.6.18

8.7.0-alpha1

8.7.0-alpha2

8.7.0-beta1

8.7.0-beta2

8.7.0-rc1

8.7.0

8.7.1

8.7.2

8.7.3

8.7.4

8.7.5

8.7.6

8.7.7

8.7.8

8.7.9

8.7.10

8.7.11

8.7.12

8.7.13

8.7.14

8.8.0-alpha1

8.8.0-beta1

8.8.0-rc1

8.8.0

8.8.1

8.8.2

8.8.3

8.8.4

8.8.5

8.8.6

8.8.7

8.8.8

8.8.9

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-m6q5-wv4x-fv6h/GHSA-m6q5-wv4x-fv6h.json"

drupal/core

Package

Name: drupal/core
Purl: pkg:composer/drupal/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.9.0

Fixed

8.9.6

Affected versions

8.*

8.9.0

8.9.1

8.9.2

8.9.3

8.9.4

8.9.5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-m6q5-wv4x-fv6h/GHSA-m6q5-wv4x-fv6h.json"

drupal/core

Package

Name: drupal/core
Purl: pkg:composer/drupal/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.0.0

Fixed

9.0.6

Affected versions

9.*

9.0.0

9.0.1

9.0.2

9.0.3

9.0.4

9.0.5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-m6q5-wv4x-fv6h/GHSA-m6q5-wv4x-fv6h.json"

drupal/drupal

Package

Name: drupal/drupal
Purl: pkg:composer/drupal/drupal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.0.0

Fixed

8.8.10

Affected versions

8.*

8.0.0

8.0.1

8.0.2

8.0.3

8.0.4

8.0.5

8.0.6

8.1.0-beta1

8.1.0-beta2

8.1.0-rc1

8.1.0

8.1.1

8.1.2

8.1.3

8.1.4

8.1.5

8.1.6

8.1.7

8.1.8

8.1.9

8.1.10

8.2.0-beta1

8.2.0-beta2

8.2.0-beta3

8.2.0-rc1

8.2.0-rc2

8.2.0

8.2.1

8.2.2

8.2.3

8.2.4

8.2.5

8.2.6

8.2.7

8.2.8

8.3.0-alpha1

8.3.0-beta1

8.3.0-rc1

8.3.0-rc2

8.3.0

8.3.1

8.3.2

8.3.3

8.3.4

8.3.5

8.3.6

8.3.7

8.3.8

8.3.9

8.4.0-alpha1

8.4.0-beta1

8.4.0-rc1

8.4.0-rc2

8.4.0

8.4.1

8.4.2

8.4.3

8.4.4

8.4.5

8.4.6

8.4.7

8.4.8

8.5.0-alpha1

8.5.0-beta1

8.5.0-rc1

8.5.0

8.5.1

8.5.2

8.5.3

8.5.4

8.5.5

8.5.6

8.5.7

8.5.8

8.5.9

8.5.10

8.5.11

8.5.12

8.5.13

8.5.14

8.5.15

8.6.0-alpha1

8.6.0-beta1

8.6.0-beta2

8.6.0-rc1

8.6.0

8.6.1

8.6.2

8.6.3

8.6.4

8.6.5

8.6.6

8.6.7

8.6.8

8.6.9

8.6.10

8.6.11

8.6.12

8.6.13

8.6.14

8.6.15

8.6.16

8.6.17

8.6.18

8.7.0-alpha1

8.7.0-alpha2

8.7.0-beta1

8.7.0-beta2

8.7.0-rc1

8.7.0

8.7.1

8.7.2

8.7.3

8.7.4

8.7.5

8.7.6

8.7.7

8.7.8

8.7.9

8.7.10

8.7.11

8.7.12

8.7.13

8.7.14

8.8.0-alpha1

8.8.0-beta1

8.8.0-rc1

8.8.0

8.8.1

8.8.2

8.8.3

8.8.4

8.8.5

8.8.6

8.8.7

8.8.8

8.8.9

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-m6q5-wv4x-fv6h/GHSA-m6q5-wv4x-fv6h.json"

drupal/drupal

Package

Name: drupal/drupal
Purl: pkg:composer/drupal/drupal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.9.0

Fixed

8.9.6

Affected versions

8.*

8.9.0

8.9.1

8.9.2

8.9.3

8.9.4

8.9.5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-m6q5-wv4x-fv6h/GHSA-m6q5-wv4x-fv6h.json"

drupal/drupal

Package

Name: drupal/drupal
Purl: pkg:composer/drupal/drupal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.0.0

Fixed

9.0.6

Affected versions

9.*

9.0.0

9.0.1

9.0.2

9.0.3

9.0.4

9.0.5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-m6q5-wv4x-fv6h/GHSA-m6q5-wv4x-fv6h.json"