CVE-2020-13663

Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.

References

https://www.drupal.org/sa-core-2020-004

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type

GIT

Repo

https://github.com/drupal/drupal

Events

Introduced

497914920385b7016ac9c9367e0198530787adf2

Fixed

91f479be9314b0a87ab8643dc7021da911d4e81e

Introduced

f2b59e3ae8097ea01d15c708f1267b73794399c0

Fixed

d6ae9678b5c51ab3d7cb63746abacba61bb6cdb8

Introduced

a412ca41cfc0d954fe3cb2dd982dc6ca049b1c70

Fixed

4aff4012073fb3bf45218b8af9f2eadc4ea69470

Introduced

d62812dc17ce593beb2ccd4cdbee1a76c95e3fd7

Fixed

32d737c546d027c22a5d4eb25a7cea83ea1f5402

Database specific

{
    "versions": [
        {
            "introduced": "7.0"
        },
        {
            "fixed": "7.72"
        },
        {
            "introduced": "8.8.0"
        },
        {
            "fixed": "8.8.8"
        },
        {
            "introduced": "8.9.0"
        },
        {
            "fixed": "8.9.1"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.0.1"
        }
    ]
}

Affected versions

7.*

7.0

7.10

7.12

7.14

7.15

7.17

7.22

7.23

7.25

7.28

7.30

7.33

7.36

7.37

7.4

7.40

7.42

7.43

7.50

7.51

7.54

7.55

7.56

7.6

7.61

7.64

7.68

7.7

7.71

7.8

7.9

8.*

8.8.0

8.8.2

8.8.3

8.8.5

8.8.7

8.9.0

9.*

9.0.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13663.json"