CVE-2017-6921

Опубликовано: 15 янв. 2019

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource.

Ссылки

http://www.securityfocus.com/bid/99222
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038781
Third Party Advisory
VDB Entry
https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
Mitigation
Vendor Advisory
http://www.securityfocus.com/bid/99222
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038781
Third Party Advisory
VDB Entry
https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Версия от 8.0.0 (включая) до 8.3.4 (исключая)

EPSS

Процентиль: 60%

0.00402

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2017-6921

CVSS3: 5.9

debian

больше 6 лет назад

In Drupal 8 prior to 8.3.4; The file REST resource does not properly v ...

GHSA-h377-287m-w2r9

CVSS3: 5.9

github

около 3 лет назад

Drupal file REST resource does not properly validate

EPSS

Процентиль: 60%

0.00402

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20