drupal/drupal Security Advisories for 8.5.x-dev (20)
-
[MEDIUM] Drupal core - Moderately critical - Third-party libraries - SA-CORE-2021-005
PKSA-228s-b71d-gqtr GHSA-r67r-42wx-c8r7
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<8.9.16|>=9.0.0,<9.1.0|>=9.1.0,<9.1.12|>=9.2.0,<9.2.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Critical - Cross-site scripting - SA-CORE-2021-003
PKSA-jxhg-kvfm-s7yj CVE-2021-33829 GHSA-rgx6-rjj4-c388
Affected version: >=7.0.0,<7.80|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<8.9.16|>=9.0.0,<9.0.14|>=9.1.0,<9.1.9
Reported by:
FriendsOfPHP/security-advisories, GitHub -
Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002
PKSA-tyxj-vy9p-637h CVE-2020-13672
Affected version: >=7.0.0,<7.80|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<8.9.14|>=9.0.0,<9.0.12|>=9.1.0,<9.1.7
Reported by:
FriendsOfPHP/security-advisories -
[MEDIUM] Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013
PKSA-dyq4-qbdd-22t9 GHSA-86xw-vmcx-9mj4
Affected version: >=7.0.0,<7.74|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.11|>=8.9.0,<8.9.9|>=9.0.0,<9.0.8
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Drupal core - Critical - Remote code execution - SA-CORE-2020-012
PKSA-3srb-7yzb-k3z9 CVE-2020-13671 GHSA-68jc-v27h-vhmw
Affected version: >=7.0.0,<7.74|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.11|>=8.9.0,<8.9.9|>=9.0.0,<9.0.8
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011
PKSA-pj26-qzbs-qsdf CVE-2020-13670 GHSA-mmjr-5q74-p3m4
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010
PKSA-cw52-vxdv-rgs8 CVE-2020-13669 GHSA-c533-c843-67h8
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009
PKSA-7wth-f9fy-pscz CVE-2020-13668 GHSA-m6q5-wv4x-fv6h
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008
PKSA-p8nh-vdkj-qj6y CVE-2020-13667 GHSA-x2q9-r8gm-f657
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007
PKSA-t5jy-w6qp-61j7 CVE-2020-13666 GHSA-8jj2-x2gc-ggm7
Affected version: >=7.0.0,<7.73|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004
PKSA-n9tv-m1y4-br95 CVE-2020-13663 GHSA-m648-hpf8-qcjw
Affected version: >=7.0.0,<7.72|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.8|>=8.9.0,<8.9.1|>=9.0.0,<9.0.1
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005
PKSA-jtb2-54dk-mhsx CVE-2020-13664 GHSA-x72f-ggjw-v5xh
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.8|>=8.9.0,<8.9.1|>=9.0.0,<9.0.1
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[CRITICAL] Drupal core - Less critical - Access bypass - SA-CORE-2020-006
PKSA-sjd7-frvy-mdhc CVE-2020-13665 GHSA-wxqp-jwc9-g39x
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.8|>=8.9.0,<8.9.1|>=9.0.0,<9.0.1
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002
PKSA-mqnq-34h4-66fw CVE-2020-13662 GHSA-gjqg-9rhv-qj67
Affected version: >=7.0.0,<7.70|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.14|>=8.8.0,<8.8.6
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Moderately critical - Third-party library - SA-CORE-2020-001
PKSA-8m86-ydts-gh7q GHSA-w333-5f96-mjrr
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.12|>=8.8.0,<8.8.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[CRITICAL] Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2019-012
PKSA-2d3q-s48p-1ddk GHSA-jjx7-8462-w4m4
Affected version: >=7.0.0,<7.69|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.11|>=8.8.0,<8.8.1
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Moderately critical - Access bypass - SA-CORE-2019-011
PKSA-78g3-pjc8-rjxn GHSA-x6v2-xmrq-574j
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.11|>=8.8.0,<8.8.1
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Drupal core - Moderately critical - Denial of Service - SA-CORE-2019-009
PKSA-8t8q-xnp9-3crj GHSA-58xv-7h9r-mx3c
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.11|>=8.8.0,<8.8.1
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[CRITICAL] Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010
PKSA-nt5n-d3f6-nbcm GHSA-jf8c-36vw-98x4
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.11|>=8.8.0,<8.8.1
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[CRITICAL] Moderately critical - Third-party libraries - SA-CORE-2019-007
PKSA-jsmp-3whm-t6rt CVE-2019-11831 GHSA-xv7v-rf6g-xwrc
Affected version: >=7.0.0,<7.67.0|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.6.16|>=8.7.0,<8.7.1
Reported by:
FriendsOfPHP/security-advisories, GitHub