7 matches found
Code injection
Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations...
CVE-2017-6920
Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations...
CVE-2017-6920
Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations...
CVE-2017-6920
Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations...
FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (4fc2df49-6279-11e7-be0f-6cf0497db129)
Drupal Security Team Reports : CVE-2017-6920: PECL YAML parser unsafe object handling. CVE-2017-6921: File REST resource does not properly validate CVE-2017-6922: Files uploaded by anonymous users into a private file system can be accessed by other anonymous users. %NASLMINLEVEL 70300 C Tenable...
Drupal 7.x < 7.56 / 8.x < 8.3.4 Multiple Vulnerabilities (SA-CORE-2017-003)
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.56 or 8.x prior to 8.3.4. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the PECL YAML parser due to unsafe handling of PHP objects during certain...
PECL YAML parser unsafe object handling
More info at https://www.drupal.org/SA-CORE-2017-003...