- Description
- Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
- Source
- mlhess@drupal.org
- NVD status
- Analyzed
- Products
- drupal
CVSS 3.1
- Type
- Secondary
- Base score
- 5.9
- Impact score
- 5.2
- Exploitability score
- 0.7
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "187161BC-CF72-4A12-9DA7-637A024DD97A",
"versionEndExcluding": "10.4.9",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6637885B-CE3E-4FCE-9899-A21BA12F6C87",
"versionEndExcluding": "10.5.6",
"versionStartIncluding": "10.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A80C15FD-FB6B-4E22-B836-8A18842BEED0",
"versionEndExcluding": "11.1.9",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D477FF8-4E52-43B9-8799-36DAEB8524E0",
"versionEndExcluding": "11.2.8",
"versionStartIncluding": "11.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]