CVE-2024-11941
Published 2024-12-05
CVE-2024-11941: A vulnerability in Drupal Core allows Excessive Allocation. This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8.
Priority P3 · 40 · high · 7.5 · CVSS 3.1
AV:N AC:L PR:N UI:N S:U C:N I:N A:H
EPSS: 0.46% (36.3th percentile)
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| drupal | core | >= 10.1.0 < 10.1.8 | 10.1.8 |
| drupal | core | >= 10.2.0 < 10.2.2 | 10.2.2 |
| drupal | core | >= 8.0.0 < 10.1.8 | 10.1.8 |
| drupal | drupal | >= 10.2.0 < 10.2.2 | 10.2.2 |
| drupal | drupal | >= 8.0.0 < 10.1.8 | 10.1.8 |
| drupal | drupal_core | — | — |
| drupal | drupal_core | >= 10.1.0 < 10.1.8 | 10.1.8 |
| drupal | drupal_core | >= 10.2.0 < 10.2.2 | 10.2.2 |
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv · 7.5 HIGH
OSV
Drupal core Denial of Service
osv·2024-12-05
CVE-2024-11941 [HIGH] Drupal core Denial of Service
The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS).
Sites that do not use the Comment module are not affected.
OSV
CVE-2024-11941: A vulnerability in Drupal Core allows Excessive Allocation
osv·2024-12-05·CVSS 7.5
CVE-2024-11941 [HIGH] CVE-2024-11941: A vulnerability in Drupal Core allows Excessive Allocation
A vulnerability in Drupal Core allows Excessive Allocation. This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8.
GHSA
Drupal core Denial of Service
ghsa·2024-12-05
CVE-2024-11941 [HIGH] CWE-835 Drupal core Denial of Service
The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS).
Sites that do not use the Comment module are not affected.
OSV
CVE-2024-11941: The Comment module allows users to reply to comments
osv·2024-01-17
CVE-2024-11941 CVE-2024-11941: The Comment module allows users to reply to comments
The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS).
Sites that do not use the Comment module are not affected.
Drupal
Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001
vendor_drupal·2024-01-17
CVE-2024-11941 [MEDIUM] Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001
Title: Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001
Vulnerability Type: Denial of Service
Description: The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS). Sites that do not use the Comment module are not affected.
Solution: Install the latest version: If you are using Drupal 10.2, update to Drupal 10.2.2. If you are using Drupal 10.1, update to Drupal 10.1.8. All versions of Drupal 10 prior to 10.1 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.) Drupal 7 is not affected.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-12-05
Published