Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-v8wr-r69p-mmwx

Опубликовано: 12 фев. 2022
Источник: github
Github: Прошло ревью
CVSS3: 9.8

Описание

Unrestricted Upload of File with Dangerous Type in Drupal core

Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site.

Ссылки

Пакеты

Наименование

drupal/core

composer
Затронутые версииВерсия исправления

>= 8.0.0, < 8.9.19

8.9.19

Наименование

drupal/core

composer
Затронутые версииВерсия исправления

>= 9.1.0, < 9.1.13

9.1.13

Наименование

drupal/core

composer
Затронутые версииВерсия исправления

>= 9.2.0, < 9.2.6

9.2.6

EPSS

Процентиль: 41%
0.00185
Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2020-13675

Дефекты

CWE-284
CWE-434

Связанные уязвимости

nvd логотип

CVE-2020-13675

CVSS3: 9.8
nvd
больше 3 лет назад

Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site.

EPSS

Процентиль: 41%
0.00185
Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2020-13675

Дефекты

CWE-284
CWE-434