Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2017-6920
HistoryAug 06, 2018 - 3:29 p.m.

CVE-2017-6920

2018-08-0615:29:00
CWE-19
[email protected]
web.nvd.nist.gov
32
2
cve-2017-6920
drupal
security vulnerability
remote code execution
pecl
yaml parser
nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.066 Low

EPSS

Percentile

93.7%

JSON

Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.

CPENameOperatorVersion
drupal:drupaldrupallt8.3.4

Social References

More

Related

osv 2
prion 1
veracode 1
github 1
nessus 4
openvas 3
freebsd 1
fedora 1
osv
osv
CVE-2017-6920
2018-08-06 15:29:00
Drupal PECL YAML parser unsafe object handling
2022-05-14 02:57:07
prion
prion
Code injection
2018-08-06 15:29:00
veracode
veracode
Remote Code Execution (RCE) Through YAML Deserialization
2017-06-27 07:10:01
github
github
Drupal PECL YAML parser unsafe object handling
2022-05-14 02:57:07
nessus
nessus
Drupal 8.x < 8.3.4 Multiple Vulnerabilities
2018-11-05 00:00:00
Drupal 7.x < 7.56 / 8.x < 8.3.4 Multiple Vulnerabilities (SA-CORE-2017-003)
2017-06-27 00:00:00
Drupal 7.x < 7.56 Multiple Vulnerabilities
2018-11-05 00:00:00
openvas
openvas
Drupal Core Multiple Vulnerabilities (SA-CORE-2017-003) - Linux
2017-06-22 00:00:00
Drupal Core Multiple Vulnerabilities (SA-CORE-2017-003) - Windows
2017-06-22 00:00:00
Fedora Update for drupal8 FEDORA-2018-922cc2fbaa
2018-04-25 00:00:00
freebsd
freebsd
drupal -- Drupal Core - Multiple Vulnerabilities
2017-06-21 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: drupal8-8.3.9-1.fc26
2018-04-24 03:28:25

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.066 Low

EPSS

Percentile

93.7%

JSON
Related for CVE-2017-6920
osv2prion1veracode1github1nessus4openvas3freebsd1fedora1