Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 988
CVE-2020-13665
Access bypass vulnerability in Drupal Core allows JSON:API when JSON:A ...
CVE-2020-13664
Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability. Windows servers are most likely to be affected. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.1 versions prior to 9.0.1.
CVE-2020-13664
Arbitrary PHP code execution vulnerability in Drupal Core under certai ...
CVE-2020-13662
Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal Core 7 version 7.70 and prior versions.
CVE-2020-13662
Open Redirect vulnerability in Drupal Core allows a user to be tricked ...
CVE-2020-13665
Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.x versions prior to 9.0.1.
CVE-2020-13664
Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability. Windows servers are most likely to be affected. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.1 versions prior to 9.0.1.
CVE-2020-13662
Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal Core 7 version 7.70 and prior versions.
CVE-2020-13666
Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
CVE-2020-13666
Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API doe ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2020-13665 Access bypass vulnerability in Drupal Core allows JSON:API when JSON:A ... | CVSS3: 9.8 | 1% Низкий | почти 5 лет назад |
 | CVE-2020-13664 Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability. Windows servers are most likely to be affected. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.1 versions prior to 9.0.1. | CVSS3: 8.8 | 2% Низкий | почти 5 лет назад |
| CVE-2020-13664 Arbitrary PHP code execution vulnerability in Drupal Core under certai ... | CVSS3: 8.8 | 2% Низкий | почти 5 лет назад |
| CVE-2020-13662 Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal Core 7 version 7.70 and prior versions. | CVSS3: 6.1 | 1% Низкий | почти 5 лет назад |
| CVE-2020-13662 Open Redirect vulnerability in Drupal Core allows a user to be tricked ... | CVSS3: 6.1 | 1% Низкий | почти 5 лет назад |
 | CVE-2020-13665 Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.x versions prior to 9.0.1. | CVSS3: 9.8 | 1% Низкий | почти 5 лет назад |
| CVE-2020-13664 Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability. Windows servers are most likely to be affected. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.1 versions prior to 9.0.1. | CVSS3: 8.8 | 2% Низкий | почти 5 лет назад |
| CVE-2020-13662 Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal Core 7 version 7.70 and prior versions. | CVSS3: 6.1 | 1% Низкий | почти 5 лет назад |
| CVE-2020-13666 Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. | CVSS3: 6.1 | 1% Низкий | почти 5 лет назад |
| CVE-2020-13666 Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API doe ... | CVSS3: 6.1 | 1% Низкий | почти 5 лет назад |
Уязвимостей на страницу