Security Advisories - drupal/core

drupal/core Security Advisories for 10.0.0-rc2 (10)

[HIGH] Drupal core contains a potential PHP Object Injection vulnerability

PKSA-xd2s-f2mt-7tf3 CVE-2024-55638 GHSA-gvf2-2f4g-jqf4

Affected version: >=7.0,<7.102|>=10.3.0,<10.3.9|>=8.8.0,<10.2.11

Reported by:
GitHub
[HIGH] Drupal core contains a potential PHP Object Injection vulnerability

PKSA-g51h-n1x3-mszr CVE-2024-55637 GHSA-w6rx-9g2x-mg5g

Affected version: >=11.0.0,<11.0.8|>=10.3.0,<10.3.9|>=8.8.0,<10.2.11

Reported by:
GitHub
[LOW] Drupal core contains a potential PHP Object Injection vulnerability

PKSA-jthw-vxjy-kxnx CVE-2024-55636 GHSA-938f-5r4f-h65v

Affected version: >=11.0.0,<11.0.8|>=10.3.0,<10.3.9|>=8.8.0,<10.2.11

Reported by:
GitHub
[MEDIUM] Drupal core Access bypass

PKSA-ts55-c66h-g96n CVE-2024-55634 GHSA-7cwc-fjqm-8vh8

Affected version: >=11.0.0,<11.0.8|>=10.3.0,<10.3.9|>=8.0.0,<10.2.11

Reported by:
GitHub
[MEDIUM] Drupal Core Cross-Site Scripting (XSS)

PKSA-yjvc-rnsz-8n3c CVE-2024-12393 GHSA-8mvq-8h2v-j9vf

Affected version: >=11.0.0,<11.0.8|>=10.3.0,<10.3.9|>=8.8.0,<10.2.11

Reported by:
GitHub
[MEDIUM] Drupal core vulnerable to improper error handling

PKSA-mh8z-kh9f-vv4z CVE-2024-11942 GHSA-52jr-x6h6-xj6g

Affected version: >=10.0.0,<10.2.10

Reported by:
GitHub
[LOW] Drupal Full Path Disclosure

PKSA-styk-3knc-d1bt CVE-2024-45440 GHSA-mg8j-w93w-xjgc

Affected version: >=8.0.0,<10.2.9|>=10.3.0,<10.3.6|>=11.0.0,<11.0.5

Reported by:
GitHub
[MEDIUM] Drupal core - Moderately critical - Denial of Service

PKSA-2gfj-5sh8-j3c5 GHSA-f84q-mgj9-8jfc

Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<9.0.0|>=9.0.0,<9.1.0|>=9.1.0,<9.2.0|>=9.2.0,<9.3.0|>=9.3.0,<9.4.0|>=9.4.0,<9.5.0|>=9.5.0,<10.0.0|>=10.0.0,<10.1.0|>=10.1.0,<10.1.8|>=10.2.0,<10.2.2

Reported by:
FriendsOfPHP/security-advisories, GitHub
[CRITICAL] Cache poisoning in drupal/core

PKSA-my7h-svxh-5q3g CVE-2023-5256 GHSA-rjqg-3h9m-fx5x

Affected version: >=10.1.0,<10.1.4|>=10.0.0,<10.0.11|>=8.7.0,<9.5.11

Reported by:
GitHub
[CRITICAL] Access bypass in Drupal core

PKSA-h7d4-5mdz-2965 CVE-2023-31250 GHSA-8849-cv9f-vccm

Affected version: >=7.0.0,<7.96|>=9.0.0,<9.4.14|>=9.5.0,<9.5.8|>=10.0.0,<10.0.8

Reported by:
GitHub

drupal/core Security Advisories for 10.0.0-rc2 (10)

[HIGH] Drupal core contains a potential PHP Object Injection vulnerability

[HIGH] Drupal core contains a potential PHP Object Injection vulnerability

[LOW] Drupal core contains a potential PHP Object Injection vulnerability

[MEDIUM] Drupal core Access bypass

[MEDIUM] Drupal Core Cross-Site Scripting (XSS)

[MEDIUM] Drupal core vulnerable to improper error handling

[LOW] Drupal Full Path Disclosure

[MEDIUM] Drupal core - Moderately critical - Denial of Service

[CRITICAL] Cache poisoning in drupal/core

[CRITICAL] Access bypass in Drupal core