Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 988
CVE-2015-2749
Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
CVE-2015-2749
Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7 ...
CVE-2015-2749
Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
CVE-2015-2750
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.
CVE-2017-6919
Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.
CVE-2017-6919
Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypa ...
CVE-2017-6919
Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.
CVE-2017-6381
A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal before 8.2.2. To be sure you aren't vulnerable, you can remove the <siteroot>/vendor/phpunit directory from your production deployments
CVE-2017-6381
A 3rd party development library including with Drupal 8 development de ...
CVE-2017-6379
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2015-2749 Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. | CVSS3: 6.1 | 1% Низкий | больше 8 лет назад |
| CVE-2015-2749 Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7 ... | CVSS3: 6.1 | 1% Низкий | больше 8 лет назад |
 | CVE-2015-2749 Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. | CVSS3: 6.1 | 1% Низкий | больше 8 лет назад |
| CVE-2015-2750 Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence. | CVSS3: 6.1 | 1% Низкий | больше 8 лет назад |
| CVE-2017-6919 Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests. | CVSS3: 7.5 | 1% Низкий | почти 9 лет назад |
| CVE-2017-6919 Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypa ... | CVSS3: 7.5 | 1% Низкий | почти 9 лет назад |
| CVE-2017-6919 Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests. | CVSS3: 7.5 | 1% Низкий | почти 9 лет назад |
| CVE-2017-6381 A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal before 8.2.2. To be sure you aren't vulnerable, you can remove the <siteroot>/vendor/phpunit directory from your production deployments | CVSS3: 8.1 | 3% Низкий | почти 9 лет назад |
| CVE-2017-6381 A 3rd party development library including with Drupal 8 development de ... | CVSS3: 8.1 | 3% Низкий | почти 9 лет назад |
| CVE-2017-6379 Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID. | CVSS3: 7.5 | 0% Низкий | почти 9 лет назад |
Уязвимостей на страницу