drupal/drupal Security Advisories for 8.0-alpha13 (69)
-
Drupal core - Moderately critical - Third-party libraries - SA-CORE-2021-005
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<8.9.16|>=9.0.0,<9.1.0|>=9.1.0,<9.1.12|>=9.2.0,<9.2.4
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Critical - Cross-site scripting - SA-CORE-2021-003
Affected version: >=7.0.0,<7.80|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<8.9.16|>=9.0.0,<9.0.14|>=9.1.0,<9.1.9
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002
Affected version: >=7.0.0,<7.80|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<8.9.14|>=9.0.0,<9.0.12|>=9.1.0,<9.1.7
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013
Affected version: >=7.0.0,<7.74|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.11|>=8.9.0,<8.9.9|>=9.0.0,<9.0.8
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Critical - Remote code execution - SA-CORE-2020-012
Affected version: >=7.0.0,<7.74|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.11|>=8.9.0,<8.9.9|>=9.0.0,<9.0.8
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007
Affected version: >=7.0.0,<7.73|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004
Affected version: >=7.0.0,<7.72|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.8|>=8.9.0,<8.9.1|>=9.0.0,<9.0.1
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.8|>=8.9.0,<8.9.1|>=9.0.0,<9.0.1
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Less critical - Access bypass - SA-CORE-2020-006
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.8|>=8.9.0,<8.9.1|>=9.0.0,<9.0.1
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002
Affected version: >=7.0.0,<7.70|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.14|>=8.8.0,<8.8.6
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Moderately critical - Third-party library - SA-CORE-2020-001
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.12|>=8.8.0,<8.8.4
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Moderately critical - Access bypass - SA-CORE-2019-011
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.11|>=8.8.0,<8.8.1
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Moderately critical - Denial of Service - SA-CORE-2019-009
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.11|>=8.8.0,<8.8.1
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2019-012
Affected version: >=7.0.0,<7.69|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.11|>=8.8.0,<8.8.1
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.11|>=8.8.0,<8.8.1
Reported by:
FriendsOfPHP/security-advisories -
Moderately critical - Third-party libraries - SA-CORE-2019-007
Affected version: >=7.0.0,<7.67.0|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.6.16|>=8.7.0,<8.7.1
Reported by:
FriendsOfPHP/security-advisories -
Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005
Affected version: >=7.0,<7.65|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.14|>=8.6.0,<8.6.14
Reported by:
FriendsOfPHP/security-advisories -
Moderately critical - Cross Site Scripting - SA-CORE-2019-004
Affected version: >=7.0.0,<7.65.0|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.14|>=8.6.0,<8.6.13
Reported by:
FriendsOfPHP/security-advisories -
Highly critical - Remote Code Execution
Affected version: >=7.0.0,<7.62.0|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.11|>=8.6.0,<8.6.10
Reported by:
FriendsOfPHP/security-advisories -
Critical - Third Party Libraries
Affected version: >=7.0.0,<7.62.0|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.9|>=8.6.0,<8.6.6
Reported by:
FriendsOfPHP/security-advisories, GitHub -
Critical - Arbitrary PHP code execution
Affected version: >=7.0.0,<7.62.0|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.9|>=8.6.0,<8.6.6
Reported by:
FriendsOfPHP/security-advisories, GitHub -
Content moderation - Moderately critical - Access bypass
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.8|>=8.6.0,<8.6.2
Reported by:
FriendsOfPHP/security-advisories -
Contextual Links validation - Critical - Remote Code Execution
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.8|>=8.6.0,<8.6.2
Reported by:
FriendsOfPHP/security-advisories -
Anonymous Open Redirect - Moderately Critical - Open Redirect
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.8|>=8.6.0,<8.6.2
Reported by:
FriendsOfPHP/security-advisories -
External URL injection through URL aliases - Moderately Critical - Open Redirect
Affected version: >=7.0,<7.60|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.8|>=8.6.0,<8.6.2
Reported by:
FriendsOfPHP/security-advisories -
Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution
Affected version: >=7.0,<7.60|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.8|>=8.6.0,<8.6.2
Reported by:
FriendsOfPHP/security-advisories -
Critical - Remote Code Execution
Affected version: >=7.0,<7.59|>=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4,<8.4.8|>=8.5,<8.5.3
Reported by:
FriendsOfPHP/security-advisories -
Moderately critical - Cross Site Scripting
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4,<8.4.7|>=8.5,<8.5.2
Reported by:
FriendsOfPHP/security-advisories -
Highly critical - Remote Code Execution
Affected version: >=7.0,<7.58|>=8.0,<8.3.9|>=8.4,<8.4.6|>=8.5,<8.5.1
Reported by:
FriendsOfPHP/security-advisories -
JavaScript cross-site scripting prevention is incomplete.
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories -
Comment reply form allows access to restricted content.
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories -
External link injection on 404 pages when linking to the current page.
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories -
Language fallback can be incorrect on multilingual sites with node access restrictions.
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories -
Settings Tray access bypass.
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories -
Private file access bypass.
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories -
jQuery vulnerability with untrusted domains.
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.5
Reported by:
FriendsOfPHP/security-advisories -
Views does not properly restrict access to the Ajax endpoint.
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.7
Reported by:
FriendsOfPHP/security-advisories -
REST API can bypass comment approval.
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.7
Reported by:
FriendsOfPHP/security-advisories -
Entity access bypass for entities that do not have UUIDs or have protected revisions.
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.7
Reported by:
FriendsOfPHP/security-advisories -
File REST resource does not properly validate
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.4
Reported by:
FriendsOfPHP/security-advisories -
Files uploaded by anonymous users into a private file system can be accessed by other anonymous users
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.4
Reported by:
FriendsOfPHP/security-advisories -
PECL YAML parser unsafe object handling
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.4
Reported by:
FriendsOfPHP/security-advisories -
Access bypass
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.8|>=8.3.0,<8.3.1
Reported by:
FriendsOfPHP/security-advisories -
Editor module incorrectly checks access to inline private files
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.7
Reported by:
FriendsOfPHP/security-advisories -
Some admin paths were not protected with a CSRF token
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.7
Reported by:
FriendsOfPHP/security-advisories -
Reported by:
FriendsOfPHP/security-advisories -
Incorrect cache context on password reset page
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.3
Reported by:
FriendsOfPHP/security-advisories -
Denial of service via transliterate mechanism
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.3
Reported by:
FriendsOfPHP/security-advisories -
Inconsistent name for term access query
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.3
Reported by:
FriendsOfPHP/security-advisories -
Users without "Administer comments" can set comment visibility on nodes they can edit
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.10
Reported by:
FriendsOfPHP/security-advisories -
Full config export can be downloaded without administrative permissions
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.10
Reported by:
FriendsOfPHP/security-advisories -
Cross-site Scripting in http exceptions
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.10
Reported by:
FriendsOfPHP/security-advisories -
Drupal Core - Highly Critical - Injection - SA-CORE-2016-003
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.7
Reported by:
FriendsOfPHP/security-advisories -
Saving user accounts can sometimes grant the user all roles
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.3
Reported by:
FriendsOfPHP/security-advisories -
Views can allow unauthorized users to see Statistics information
Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.3
Reported by:
FriendsOfPHP/security-advisories -
Reported by:
FriendsOfPHP/security-advisories -
Reported by:
FriendsOfPHP/security-advisories -
Reported by:
FriendsOfPHP/security-advisories -
Session data truncation can lead to unserialization of user provided data
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories -
Reported by:
FriendsOfPHP/security-advisories -
Open redirect via double-encoded 'destination' parameter
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories -
Saving user accounts can sometimes grant the user all roles
Affected version: >=8.0,<8.0.4
Reported by:
FriendsOfPHP/security-advisories -
Reported by:
FriendsOfPHP/security-advisories -
Reported by:
FriendsOfPHP/security-advisories -
Reported by:
FriendsOfPHP/security-advisories