Описание
Drupal Core Cross-Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-13663
- https://github.com/drupal/core/commit/5f3c4d80fd77df0cfa87722b446db54040d55693
- https://github.com/drupal/core/commit/bc3235dcb5570bbda62ef9547e7604ee060b72c6
- https://github.com/drupal/core/commit/faf3243c4ce03bbaab386af2b272b363fd0dfddb
- https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13663.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13663.yaml
- https://www.drupal.org/sa-core-2020-004
Пакеты
drupal/core
>= 8.9.0, < 8.9.1
8.9.1
drupal/core
>= 9.0.0, < 9.0.1
9.0.1
drupal/core
>= 7.0.0, < 7.72
7.72
drupal/core
>= 8.0.0, < 8.8.8
8.8.8
drupal/drupal
>= 7.0.0, < 7.72
7.72
drupal/drupal
>= 8.0.0, < 8.8.8
8.8.8
drupal/drupal
>= 8.9.0, < 8.9.1
8.9.1
drupal/drupal
>= 9.0.0, < 9.0.1
9.0.1
Связанные уязвимости
Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
Cross Site Request Forgery vulnerability in Drupal Core Form API does ...
Уязвимость CMS-системы Drupal, связанная с недостаточной проверкой подлинности выполняемых запросов, позволяющая нарушителю выполнить произвольный код