78 matches found
EUVD-2023-2586
Malicious code in bioql PyPI...
EUVD-2022-0799
Malicious code in bioql PyPI...
EUVD-2022-5673
Malicious code in bioql PyPI...
BIT-DRUPAL-2020-13665
Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the readonly set to FALSE under jsonapi.settings config are vulnerable. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.x...
BIT-DRUPAL-2020-13675
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the si...
BIT-DRUPAL-2020-13677
Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected...
BIT-DRUPAL-2023-5256 Drupal core - Critical - Cache poisoning - SA-CORE-2023-006
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...
This Week in Spring - October 3rd, 2023
Hi Spring fans! Welcome to another installment of This Week in Spring! How're you doin'? I've just flown in from Singapore - where I was keynoting and presenting at SpringOne Singapore - and am now in Antwerp, Belgium for the deliriously fun Devoxx Belgium show. I've missed this show, and it's a...
Cache poisoning in drupal/core
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...
GHSA-RJQG-3H9M-FX5X Cache poisoning in drupal/core
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...
CVE-2023-5256
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...
CVE-2023-5256
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...
Privilege escalation
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...
CVE-2023-5256 Drupal core - Critical - Cache poisoning - SA-CORE-2023-006
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...
CVE-2023-5256
Summary: CVE-2023-5256 affects Drupal sites with the JSON:API module enabled. In certain scenarios, the module outputs error backtraces that may cause sensitive information to be cached and accessible to anonymous users, enabling privilege escalation. Affected scope: Drupal installations with JSO...
CVE-2023-5256 Drupal core - Critical - Cache poisoning - SA-CORE-2023-006
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...
Drupal 8.7.x < 9.5.11 Cache Poisoning
According to its self-reported version, the instance of Drupal running on the remote web server is 8.7.x prior to 9.5.11, 10.0.x prior to 10.0.11 or 10.1.x prior to 10.1.4. In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause...
Drupal 10.1.x < 10.1.4 Cache Poisoning
According to its self-reported version, the instance of Drupal running on the remote web server is 8.7.x prior to 9.5.11, 10.0.x prior to 10.0.11 or 10.1.x prior to 10.1.4. In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause...
Drupal 10.0.x < 10.0.11 Cache Poisoning
According to its self-reported version, the instance of Drupal running on the remote web server is 8.7.x prior to 9.5.11, 10.0.x prior to 10.0.11 or 10.1.x prior to 10.1.4. In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause...
Drupal Cache Poisoning Vulnerability (SA-CORE-2023-006) - Windows
Drupal is prone to a cache poisoning vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...