Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 975
GHSA-f4qx-jqfq-7785
Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions
GHSA-3327-jr93-7hq3
Drupal access bypass vulnerability
GHSA-66mv-q8r2-hj8w
Drupal access bypass vulnerability
GHSA-rhx9-3qf7-r3j7
Drupal Remote code execution
GHSA-w7qx-vwr9-2j3r
Drupal editor module incorrectly checks access to inline private files
GHSA-h377-287m-w2r9
Drupal file REST resource does not properly validate
GHSA-p8g6-5mg7-9r5q
Drupal REST API can bypass comment approval
GHSA-58f3-cx8p-h8jg
Drupal core access bypass vulnerability
GHSA-5vwg-c233-4qjm
Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site.
GHSA-j7rr-r9x8-9jvj
Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-f4qx-jqfq-7785 Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions | CVSS3: 9.8 | 1% Низкий | больше 3 лет назад |
| GHSA-3327-jr93-7hq3 Drupal access bypass vulnerability | CVSS3: 8.1 | 0% Низкий | больше 3 лет назад |
| GHSA-66mv-q8r2-hj8w Drupal access bypass vulnerability | CVSS3: 5.3 | 0% Низкий | больше 3 лет назад |
| GHSA-rhx9-3qf7-r3j7 Drupal Remote code execution | CVSS3: 8.1 | 4% Низкий | больше 3 лет назад |
| GHSA-w7qx-vwr9-2j3r Drupal editor module incorrectly checks access to inline private files | CVSS3: 7.5 | 0% Низкий | больше 3 лет назад |
| GHSA-h377-287m-w2r9 Drupal file REST resource does not properly validate | CVSS3: 5.9 | 0% Низкий | больше 3 лет назад |
| GHSA-p8g6-5mg7-9r5q Drupal REST API can bypass comment approval | CVSS3: 7.4 | 0% Низкий | больше 3 лет назад |
| GHSA-58f3-cx8p-h8jg Drupal core access bypass vulnerability | CVSS3: 6.5 | 0% Низкий | больше 3 лет назад |
| GHSA-5vwg-c233-4qjm Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site. | 0% Низкий | больше 3 лет назад | |
| GHSA-j7rr-r9x8-9jvj Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors. | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу