CRITICAL🇵🇱 Wersja polska

CVE-2020-13675

CVSS 9.8v3.1pub. 2022-02-11upd. 2024-11-21

Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Drupal

    APP
    Drupal
    8.0.0 – 8.9.19 (bez)9.1.0 – 9.1.13 (bez)9.2.0 – 9.2.6 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2018-7602CRITICAL9.8⚠ KEVten sam produkt

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentiall...

CVE-2018-7600CRITICAL9.8⚠ KEVten sam produkt

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to ex...

CVE-2024-55637CRITICAL9.8PL ✓ten sam produkt

Deserializacja niezaufanych danych w Drupal Core umożliwia RCE

CVE-2024-55636CRITICAL9.8PL ✓ten sam produkt

Deserialization podatności w Drupal Core umożliwiająca RCE (Object Injection)

CVE-2024-55638CRITICAL9.8PL ✓ten sam produkt

Deserialization gadget chain w Drupal Core umożliwiający RCE