Drupal Core vulnerabilities
103 known vulnerabilities affecting drupal/core.
Total CVEs: 103
CISA KEV: 5 (actively exploited)
Public exploits: 7
Exploited in wild: 8
Severity breakdown
CRITICAL: 9, HIGH: 35, MEDIUM: 47, LOW: 5, UNKNOWN: 7
Vulnerabilities
Page 6 of 6
CVE-2019-11358 | UNKNOWN | Exploited | PoC | ≥ 8.0.0, < 8.5.15 | ≥ 8.6.0, < 8.6.15 | 2019-04-17
The jQuery project released version 3.4.0, and as part of that, disclosed a security vulnerability that affects all prior versions. As described in their [release notes](https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/):
> jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extend(true, {}, ...). If an unsanitized source object contained an enumerable \_\_proto\_\_ property, it could extend the
osv
CVE-2019-6338 | HIGH | CVSS 8.8 | ≥ 8.0.0, < 8.5.9 | ≥ 8.6.0, < 8.6.6 | 2019-01-16
Drupal core uses the third-party PEAR Archive\_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to [CVE-2018-1000888](https://nvd.nist.gov/vuln/detail/CVE-2018-1000888) for details.
osv
CVE-2018-7602 | CRITICAL | CVSS 9.8 | KEV | PoC | ≥ unspecified, < 7.59 | ≥ unspecified, < 8.5.3 | +1 more | 2018-07-19
CWE-94
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2
cvelistv5, ghsa, nvd, osv