drupal/core-recommended Security Advisories for 9.0.0 (6)
-
[MEDIUM] Drupal core Access bypass
PKSA-vt8m-56zm-d92y CVE-2024-55634 GHSA-7cwc-fjqm-8vh8
Affected version: >=11.0.0,<11.0.8|>=10.3.0,<10.3.9|>=8.0.0,<10.2.11
Reported by:
GitHub -
[LOW] Drupal core contains a potential PHP Object Injection vulnerability
PKSA-ckr2-ndkc-nts3 CVE-2024-55636 GHSA-938f-5r4f-h65v
Affected version: >=11.0.0,<11.0.8|>=10.3.0,<10.3.9|>=8.8.0,<10.2.11
Reported by:
GitHub -
[HIGH] Drupal core contains a potential PHP Object Injection vulnerability
PKSA-4txt-syt7-f859 CVE-2024-55637 GHSA-w6rx-9g2x-mg5g
Affected version: >=11.0.0,<11.0.8|>=10.3.0,<10.3.9|>=8.8.0,<10.2.11
Reported by:
GitHub -
[HIGH] Drupal core contains a potential PHP Object Injection vulnerability
PKSA-j4hv-gdkq-8fy8 CVE-2024-55638 GHSA-gvf2-2f4g-jqf4
Affected version: >=7.0,<7.102|>=10.3.0,<10.3.9|>=8.8.0,<10.2.11
Reported by:
GitHub -
[MEDIUM] Drupal Core Cross-Site Scripting (XSS)
PKSA-hc46-z535-fjfk CVE-2024-12393 GHSA-8mvq-8h2v-j9vf
Affected version: >=11.0.0,<11.0.8|>=10.3.0,<10.3.9|>=8.8.0,<10.2.11
Reported by:
GitHub -
[LOW] Drupal Full Path Disclosure
PKSA-35hc-pd1y-zwpc CVE-2024-45440 GHSA-mg8j-w93w-xjgc
Affected version: >=8.0.0,<10.2.9|>=10.3.0,<10.3.6|>=11.0.0,<11.0.5
Reported by:
GitHub