Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 988
CVE-2019-6338
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8. ...
CVE-2019-6338
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details
BDU:2019-04786
Уязвимость библиотеки PEAR Archive_Tar CMS-системы Drupal, позволяющая нарушителю выполнить произвольный код
BDU:2019-04785
Уязвимость утилиты phar CMS-системы Drupal, позволяющая нарушителю выполнить произвольный код
CVE-2017-6921
In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource.
CVE-2017-6921
In Drupal 8 prior to 8.3.4; The file REST resource does not properly v ...
CVE-2017-6924
In Drupal 8 prior to 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module enabled, the comment entity REST resource enabled, and where an attacker can access a user account on the site with permissions to post comments, or where anonymous users can post comments.
CVE-2017-6924
In Drupal 8 prior to 8.3.7; When using the REST API, users without the ...
CVE-2017-6925
In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.
CVE-2017-6925
In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2019-6338 In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8. ... | CVSS3: 8 | 1% Низкий | около 7 лет назад |
 | CVE-2019-6338 In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details | CVSS3: 8 | 1% Низкий | около 7 лет назад |
 | BDU:2019-04786 Уязвимость библиотеки PEAR Archive_Tar CMS-системы Drupal, позволяющая нарушителю выполнить произвольный код | CVSS3: 8 | 1% Низкий | около 7 лет назад |
| BDU:2019-04785 Уязвимость утилиты phar CMS-системы Drupal, позволяющая нарушителю выполнить произвольный код | CVSS3: 9.8 | 81% Высокий | около 7 лет назад |
 | CVE-2017-6921 In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource. | CVSS3: 5.9 | 0% Низкий | около 7 лет назад |
| CVE-2017-6921 In Drupal 8 prior to 8.3.4; The file REST resource does not properly v ... | CVSS3: 5.9 | 0% Низкий | около 7 лет назад |
| CVE-2017-6924 In Drupal 8 prior to 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module enabled, the comment entity REST resource enabled, and where an attacker can access a user account on the site with permissions to post comments, or where anonymous users can post comments. | CVSS3: 7.4 | 0% Низкий | около 7 лет назад |
| CVE-2017-6924 In Drupal 8 prior to 8.3.7; When using the REST API, users without the ... | CVSS3: 7.4 | 0% Низкий | около 7 лет назад |
| CVE-2017-6925 In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity. | CVSS3: 9.8 | 1% Низкий | около 7 лет назад |
| CVE-2017-6925 In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability ... | CVSS3: 9.8 | 1% Низкий | около 7 лет назад |
Уязвимостей на страницу