CVE-2017-6381

Опубликовано: 16 мар. 2017

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 6.8

CVSS3: 8.1

Описание

A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal before 8.2.2. To be sure you aren't vulnerable, you can remove the /vendor/phpunit directory from your production deployments

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
eoan	DNE
esm-apps/xenial	needed
esm-infra-legacy/trusty	needed
esm-infra/focal	DNE
focal	DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 90%

0.05379

Низкий

6.8 Medium

CVSS2

8.1 High

CVSS3

Связанные уязвимости

CVE-2017-6381

CVSS3: 8.1

nvd

больше 8 лет назад

A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal before 8.2.2. To be sure you aren't vulnerable, you can remove the <siteroot>/vendor/phpunit directory from your production deployments

CVE-2017-6381

CVSS3: 8.1

debian

больше 8 лет назад

A 3rd party development library including with Drupal 8 development de ...

GHSA-rhx9-3qf7-r3j7

CVSS3: 8.1

github

около 3 лет назад

Drupal Remote code execution

EPSS

Процентиль: 90%

0.05379

Низкий

6.8 Medium

CVSS2

8.1 High

CVSS3

CVE-2017-6381

Описание

Пакет drupal7

Ссылки на источники

Связанные уязвимости