CVE-2020-13663

Severity
8.8 HIGH
EPSS
0.2%
top 55.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 11
Latest update: May 24

Description

Cross-site request forgery vulnerability: the Drupal core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 4 packages

Packagist  drupal/core  8.0.0  8.8.8  +3
CVEListV5  drupal/drupal_core  7.x  7.72  +3
NVD  drupal/drupal  7.0  7.72  +3
Packagist  drupal/drupal  7.0.0  7.72  +3

🔴 Vulnerability Details (5)

OSV
Drupal Core Cross-Site Request Forgery (CSRF) vulnerability (2022-05-24)
GHSA
Drupal Core Cross-Site Request Forgery (CSRF) vulnerability (2022-05-24)
CVEList
CVE-2020-13663: Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead (2021-06-11)
OSV
CVE-2020-13663: Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead (2021-06-11)
OSV
CVE-2020-13663: The Drupal core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities (2020-06-17)

📋 Vendor Advisories (1)

Drupal
Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004 (2020-06-17)

💬 Community (3)

Bugzilla
CVE-2020-13663 drupal7: Form API does not properly handle certain form input from cross-site requests (2020-07-27)
Bugzilla
CVE-2020-13663 drupal7: Form API does not properly handle certain form input from cross-site requests [epel-all] (2020-07-27)
Bugzilla
CVE-2020-13663 drupal7: Form API does not properly handle certain form input from cross-site requests [fedora-all] (2020-07-27)