Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2017-0418

Good to know:

icon

Date: June 21, 2017

Affected version of drupal(8.0.0 to 8.3.3 and 7.0 to 7.55 ), are vulnerable to a Multiple Vulnerabilities .

Language: SHELL

Severity Score

Related Resources (2)

https://github.com/drupal/drupal/commit/c732355412b84a6f7079d92b4029cd9400c56c50
https://www.mend.io/vulnerability-database/WS-2017-0418

Severity Score

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-78

Top Fix

icon

Upgrade Version

Upgrade to version drupal/core-serialization - 8.3.x-dev;drupal/core-serialization - 8.3.4;drupal/drupal - 8.1.0-rc1;drupal/drupal - 8.0.0-rc2;drupal/drupal - 8.2.6;drupal/drupal - 8.3.x-dev;drupal/drupal - 8.2.1;drupal/drupal - 8.1.1;drupal/drupal - 8.3.0-rc2;drupal/drupal - 8.3.0-beta1;drupal/drupal - 8.3.3;drupal/drupal - 8.0.1;drupal/drupal - 8.1.8;drupal/drupal - 8.0.0;lexhouk/d8 - 0.1.0.10;redactivemedia/redactive-drupal8-platform - 8.3.4;drupal/core - 8.3.x-dev;drupal/core - 8.3.4;drupal/core - 8.2.x-dev;vijaycs85/coverage-report - 8.3.4;vijaycs85/coverage-report - 8.3.x-dev;chmez/d8 - 0.1.0.10

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

Do you need more information?

Contact Us