USN-7658-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-7658-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7658-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/USN-7658-1

Upstream

CVE-2020-11022

UBUNTU-CVE-2020-11022

CVE-2020-11023

UBUNTU-CVE-2020-11023

Related

Published

2025-07-21T13:42:34.403707Z

Modified

2025-07-22T20:30:57.185828Z

Summary

drupal7 vulnerabilities

Details

It was discovered that Drupal incorrectly parsed untrusted HTML. A remote attacker could possibly use this issue to execute arbitrary code.

References

Affected packages

Ubuntu:Pro:14.04:LTS / drupal7

Package

Name: drupal7
Purl: pkg:deb/ubuntu/drupal7@7.26-1ubuntu0.1+esm3?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.26-1ubuntu0.1+esm3

Affected versions

7.*

7.23-1

7.24-1

7.24-2

7.26-1

7.26-1ubuntu0.1

7.26-1ubuntu0.1+esm1

7.26-1ubuntu0.1+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "drupal7",
            "binary_version": "7.26-1ubuntu0.1+esm3"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / drupal7

Package

Name: drupal7
Purl: pkg:deb/ubuntu/drupal7@7.44-1ubuntu1~16.04.0+esm3?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.44-1ubuntu1~16.04.0+esm3

Affected versions

7.*

7.38-1

7.41-1

7.44-1ubuntu1~16.04.0

7.44-1ubuntu1~16.04.0+esm1

7.44-1ubuntu1~16.04.0+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "drupal7",
            "binary_version": "7.44-1ubuntu1~16.04.0+esm3"
        }
    ]
}