GHSA-7fh9-933g-885p

Source

https://github.com/advisories/GHSA-7fh9-933g-885p

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7fh9-933g-885p/GHSA-7fh9-933g-885p.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7fh9-933g-885p

Aliases

Published

2022-05-14T01:29:45Z

Modified

2025-12-10T23:41:01.770409Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H CVSS Calculator

Summary

Drupal Core Remote Code Execution Vulnerability

Details

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

Database specific

{
    "github_reviewed_at": "2024-04-23T22:36:48Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "github_reviewed": true,
    "severity": "CRITICAL",
    "nvd_published_at": "2018-03-29T07:29:00Z"
}

References

Affected packages

Packagist

drupal/core

Package

Name: drupal/core
Purl: pkg:composer/drupal/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0

Fixed

7.58

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7fh9-933g-885p/GHSA-7fh9-933g-885p.json"

drupal/core

Package

Name: drupal/core
Purl: pkg:composer/drupal/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.0

Fixed

8.3.9

Affected versions

8.*

8.0.0-beta6

8.0.0-beta7

8.0.0-beta8

8.0.0-beta9

8.0.0-beta10

8.0.0-beta11

8.0.0-beta12

8.0.0-beta13

8.0.0-beta14

8.0.0-beta15

8.0.0-beta16

8.0.0-rc1

8.0.0-rc2

8.0.0-rc3

8.0.0-rc4

8.0.0

8.0.1

8.0.2

8.0.3

8.0.4

8.0.5

8.0.6

8.1.0-beta1

8.1.0-beta2

8.1.0-rc1

8.1.0

8.1.1

8.1.2

8.1.3

8.1.4

8.1.5

8.1.6

8.1.7

8.1.8

8.1.9

8.1.10

8.2.0-beta1

8.2.0-beta2

8.2.0-beta3

8.2.0-rc1

8.2.0-rc2

8.2.0

8.2.1

8.2.2

8.2.3

8.2.4

8.2.5

8.2.6

8.2.7

8.2.8

8.3.0-alpha1

8.3.0-beta1

8.3.0-rc1

8.3.0-rc2

8.3.0

8.3.1

8.3.2

8.3.3

8.3.4

8.3.5

8.3.6

8.3.7

8.3.8

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7fh9-933g-885p/GHSA-7fh9-933g-885p.json"

drupal/core

Package

Name: drupal/core
Purl: pkg:composer/drupal/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.4.0

Fixed

8.4.6

Affected versions

8.*

8.4.0

8.4.1

8.4.2

8.4.3

8.4.4

8.4.5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7fh9-933g-885p/GHSA-7fh9-933g-885p.json"

drupal/core

Package

Name: drupal/core
Purl: pkg:composer/drupal/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.5.0

Fixed

8.5.1

Affected versions

8.*

8.5.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7fh9-933g-885p/GHSA-7fh9-933g-885p.json"

drupal/drupal

Package

Name: drupal/drupal
Purl: pkg:composer/drupal/drupal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0

Fixed

7.58

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7fh9-933g-885p/GHSA-7fh9-933g-885p.json"

drupal/drupal

Package

Name: drupal/drupal
Purl: pkg:composer/drupal/drupal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.0

Fixed

8.3.9

Affected versions

8.*

8.0.0-alpha14

8.0.0-alpha15

8.0.0-beta1

8.0.0-beta2

8.0.0-beta3

8.0.0-beta4

8.0.0-beta5

8.0.0-beta6

8.0.0-beta7

8.0.0-beta9

8.0.0-beta10

8.0.0-beta11

8.0.0-beta12

8.0.0-beta13

8.0.0-beta14

8.0.0-beta15

8.0.0-beta16

8.0.0-rc1

8.0.0-rc2

8.0.0-rc3

8.0.0-rc4

8.0.0

8.0.1

8.0.2

8.0.3

8.0.4

8.0.5

8.0.6

8.1.0-beta1

8.1.0-beta2

8.1.0-rc1

8.1.0

8.1.1

8.1.2

8.1.3

8.1.4

8.1.5

8.1.6

8.1.7

8.1.8

8.1.9

8.1.10

8.2.0-beta1

8.2.0-beta2

8.2.0-beta3

8.2.0-rc1

8.2.0-rc2

8.2.0

8.2.1

8.2.2

8.2.3

8.2.4

8.2.5

8.2.6

8.2.7

8.2.8

8.3.0-alpha1

8.3.0-beta1

8.3.0-rc1

8.3.0-rc2

8.3.0

8.3.1

8.3.2

8.3.3

8.3.4

8.3.5

8.3.6

8.3.7

8.3.8

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7fh9-933g-885p/GHSA-7fh9-933g-885p.json"

drupal/drupal

Package

Name: drupal/drupal
Purl: pkg:composer/drupal/drupal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.4

Fixed

8.4.6

Affected versions

8.*

8.4.0-alpha1

8.4.0-beta1

8.4.0-rc1

8.4.0-rc2

8.4.0

8.4.1

8.4.2

8.4.3

8.4.4

8.4.5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7fh9-933g-885p/GHSA-7fh9-933g-885p.json"

drupal/drupal

Package

Name: drupal/drupal
Purl: pkg:composer/drupal/drupal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.5

Fixed

8.5.1

Affected versions

8.*

8.5.0-alpha1

8.5.0-beta1

8.5.0-rc1

8.5.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7fh9-933g-885p/GHSA-7fh9-933g-885p.json"