Drupal is an open-source content management system. More than a million sites run on Drupal, from personal blogs to the sites of companies, political parties and government organizations.
Release cycle and vulnerability information
Release schedule
Count: 1 988
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2022-24729 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ... | CVSS3: 6.5 | 1% Low | almost 4 years ago |
| CVE-2022-24729 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds. | CVSS3: 6.5 | 1% Low | almost 4 years ago |
| CVE-2022-24728 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds. | CVSS3: 5.4 | 1% Low | almost 4 years ago |
| CVE-2022-24728 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ... | CVSS3: 5.4 | 1% Low | almost 4 years ago |
| CVE-2022-24728 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds. | CVSS3: 5.4 | 1% Low | almost 4 years ago |
| BDU:2022-07065 Vulnerability in the dialog plugin of the CKEditor WYSIWYG editor that allows an attacker to cause a denial of service | CVSS3: 6.5 | 1% Low | almost 4 years ago |
| GHSA-fmfv-x8mp-5767 Improper input validation in Drupal core | CVSS3: 7.5 | 0% Low | almost 4 years ago |
| GHSA-73q4-j324-2qcc Incorrect authorization in Drupal core | CVSS3: 6.5 | 0% Low | almost 4 years ago |
| CVE-2022-25270 The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are not authorized to access. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. | CVSS3: 6.5 | 0% Low | almost 4 years ago |
| CVE-2022-25271 Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data. | CVSS3: 7.5 | 0% Low | almost 4 years ago |