CVE-2024-11941

CWE-8357 documents5 sources
Severity
7.5HIGH
EPSS
0.7%
top 28.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Drupal Drupal CoreDrupal DrupalDrupal Core
Timeline
PublishedDec 5

Description

A vulnerability in Drupal Core allows Excessive Allocation.This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

Packagistdrupal/core8.0.010.1.8+2
CVEListV5drupal/drupal_core10.2.010.2.2+1
NVDdrupal/drupal8.0.010.1.8+1

🔴Vulnerability Details

5
CVEList
Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-0012024-12-05
OSV
Drupal core Denial of Service2024-12-05
OSV
CVE-2024-11941: A vulnerability in Drupal Core allows Excessive Allocation2024-12-05
GHSA
Drupal core Denial of Service2024-12-05
OSV
CVE-2024-11941: The Comment module allows users to reply to comments2024-01-17

📋Vendor Advisories

1
Drupal
Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-0012024-01-17
CVE-2024-11941 (HIGH CVSS 7.5) | A vulnerability in Drupal Core allo | cvebase.io