Lucene search
GoogleOSV:GHSA-6MGP-V5CM-GHG5HistoryMay 15, 2024 - 8:27 p.m.
Drupal core Remote Code Execution
2024-05-1520:27:23
Google
osv.dev
1
drupal
core
remote execution
email
variables
sanitized
shell
code execution
8 High
AI Score
Confidence
Low
In Drupal core, when sending email some variables were not being sanitized for shell arguments in DefaultMailSystem::mail(), which could lead to remote code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| drupal/core | eq | 8.4.0 | |
| drupal/core | eq | 8.2.6 | |
| drupal/core | eq | 8.4.5 | |
| drupal/core | eq | 8.1.6 | |
| drupal/core | eq | 8.3.7 | |
| drupal/core | eq | 8.1.7 | |
| drupal/core | eq | 8.3.4 | |
| drupal/core | eq | 8.2.0 | |
| drupal/core | eq | 8.3.0-beta1 | |
| drupal/core | eq | 8.2.3 |
8 High
AI Score
Confidence
Low