CVE-2017-6920

Опубликовано: 06 авг. 2018

Источник: debian

Описание

Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
drupal8	itp			package

Примечания

https://www.drupal.org/SA-CORE-2017-003

Связанные уязвимости

CVE-2017-6920

CVSS3: 9.8

nvd

почти 7 лет назад

Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.

GHSA-9c24-g32g-35rj

CVSS3: 9.8

github

около 3 лет назад

Drupal PECL YAML parser unsafe object handling