Описание
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
The Contextual Links module doesn't sufficiently validate the requested contextual links. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access contextual links".
Пакеты
Наименование
drupal/drupal
composer
Затронутые версииВерсия исправления
>= 8.0.0, < 8.5.8
8.5.8
Наименование
drupal/drupal
composer
Затронутые версииВерсия исправления
>= 8.6.0, < 8.6.2
8.6.2
Дефекты
CWE-20
Дефекты
CWE-20