exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2024-55637

около 1 года назад

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.

CVSS3: 9.8

EPSS: Низкий

CVE-2024-55637

около 1 года назад

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.

CVSS3: 9.8

EPSS: Низкий

CVE-2024-55637

около 1 года назад

Deserialization of Untrusted Data vulnerability in Drupal Core allows ...

CVSS3: 9.8

EPSS: Низкий

GHSA-w6rx-9g2x-mg5g

около 1 года назад

Drupal core contains a potential PHP Object Injection vulnerability

CVSS3: 9.8

EPSS: Низкий

BDU:2024-10996

около 1 года назад

Уязвимость ядра CMS-системы Drupal, связанная с недостаточным контролем модификации динамически определённых характеристик объекта, позволяющая нарушителю выполнить произвольный код

CVSS3: 9.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2024-55637 Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.	CVSS3: 9.8	3% Низкий	около 1 года назад
CVE-2024-55637 Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.	CVSS3: 9.8	3% Низкий	около 1 года назад
CVE-2024-55637 Deserialization of Untrusted Data vulnerability in Drupal Core allows ...	CVSS3: 9.8	3% Низкий	около 1 года назад
GHSA-w6rx-9g2x-mg5g Drupal core contains a potential PHP Object Injection vulnerability	CVSS3: 9.8	3% Низкий	около 1 года назад
BDU:2024-10996 Уязвимость ядра CMS-системы Drupal, связанная с недостаточным контролем модификации динамически определённых характеристик объекта, позволяющая нарушителю выполнить произвольный код	CVSS3: 9.8	3% Низкий	около 1 года назад

Уязвимостей на страницу