CVE-2024-55638

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-55638

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-55638.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-55638

Aliases

Related

UBUNTU-CVE-2024-55638

Published

2024-12-10T00:15:22Z

Modified

2025-06-03T16:59:19.819334Z

Summary

[none]

Details

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9.

Drupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.

References

https://www.drupal.org/sa-core-2024-008

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type: GIT
Repo: https://github.com/drupal/drupal
Events: Introduced

497914920385b7016ac9c9367e0198530787adf2

Fixed

fa67320cf2109f1102201da5f66fd189c56f8b25

Affected versions

7.*

7.0

7.1

7.10

7.100

7.101

7.11

7.12

7.13

7.14

7.15

7.16

7.17

7.18

7.19

7.2

7.20

7.21

7.22

7.23

7.24

7.25

7.26

7.27

7.28

7.29

7.3

7.30

7.31

7.32

7.33

7.34

7.35

7.36

7.37

7.38

7.39

7.4

7.40

7.41

7.42

7.43

7.44

7.5

7.50

7.51

7.52

7.53

7.54

7.55

7.56

7.57

7.58

7.59

7.6

7.60

7.61

7.62

7.63

7.64

7.65

7.66

7.67

7.68

7.69

7.7

7.70

7.71

7.72

7.73

7.74

7.75

7.76

7.77

7.78

7.79

7.8

7.80

7.81

7.82

7.83

7.84

7.85

7.86

7.87

7.88

7.89

7.9

7.90

7.91

7.92

7.93

7.94

7.95

7.96

7.97

7.98

7.99