In Drupal core, when sending email some variables were not being sanitized for shell arguments in DefaultMailSystem::mail()
, which could lead to remote code execution.
CPE | Name | Operator | Version |
---|---|---|---|
drupal/core | eq | 8.4.0 | |
drupal/core | eq | 8.2.6 | |
drupal/core | eq | 8.4.5 | |
drupal/core | eq | 8.1.6 | |
drupal/core | eq | 8.3.7 | |
drupal/core | eq | 8.1.7 | |
drupal/core | eq | 8.3.4 | |
drupal/core | eq | 8.2.0 | |
drupal/core | eq | 8.3.0-beta1 | |
drupal/core | eq | 8.2.3 |