input/new.json: 3 additions & 3 deletions
@@ -17,20 +17,20 @@
17
17
],
18
18
[
19
19
"11.0.0",
20
-
"11.1.87"
20
+
"11.1.8"
21
21
],
22
22
[
23
23
"11.2.0",
24
24
"11.2.7"
25
25
]
26
26
],
27
27
"cwe": [
28
-
"CWE-400"
28
+
"CWE-502"
29
29
],
30
30
"tldr": "Affected versions of this package are vulnerable to Deserialization of Untrusted Data: a gadget chain in Drupal core can be leveraged if the application deserializes attacker-controlled data. The chain itself is not directly exploitable but can enable remote code execution when a separate vulnerability allows unsafe input to reach `unserialize()`. There are no known exploits in Drupal core.",
31
31
"doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
32
32
"how_to_fix": "Upgrade the `drupal/core` library to the patch version.",
33
-
"vulnerable_to": "Denial of Service (DoS)",
33
+
"vulnerable_to": "Deserialization of Untrusted Data",