CVE-2017-6920
Published: 2018-08-06
Priority: P2 | 65 | critical | 9.8 CVSS 3.0
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 20.48% (97.2th percentile)
Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| drupal.org | drupal_core | — | — |
| drupal | core | >= 8.0 < 8.3.4 | 8.3.4 |
| drupal | drupal | >= 8.0 < 8.3.4 | 8.3.4 |
| drupal | drupal | >= 8.0.0 < 8.3.4 | 8.3.4 |
CVSS provenance
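| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |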
OSV
osv · 2022-05-14
CVE-2017-6920 [CRITICAL] Drupal PECL YAML parser unsafe object handling
GHSA
ghsa · 2022-05-14
CVE-2017-6920 [CRITICAL] CWE-94 Drupal PECL YAML parser unsafe object handling
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/99211
http://www.securitytracker.com/id/1038781
https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
Published: 2018-08-06