GHSA-69g8-g9jq-74v7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-69g8-g9jq-74v7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-69g8-g9jq-74v7/GHSA-69g8-g9jq-74v7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-69g8-g9jq-74v7
- Aliases
- Published
- 2022-05-17T03:55:47Z
- Modified
- 2024-04-23T22:41:48.447892Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Drupal arbitrary code execution
- Details
-
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.
- Database specific
{ "nvd_published_at": "2016-04-12T15:59:00Z", "cwe_ids": [ "CWE-94" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-04-23T22:18:09Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2016-3171
- https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3171.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3171.yaml
- https://github.com/drupal/core
- https://www.drupal.org/SA-CORE-2016-001
- http://www.debian.org/security/2016/dsa-3498
- http://www.openwall.com/lists/oss-security/2016/02/24/19
- http://www.openwall.com/lists/oss-security/2016/03/15/10
Affected packages
Packagist / drupal/core
Package
- Name
- drupal/core
- Purl
- pkg:composer/drupal/core
Packagist / drupal/drupal
Package
- Name
- drupal/drupal
- Purl
- pkg:composer/drupal/drupal