prod
Drupal 11
20 vulnerabilities has been found
0 abandonned packages has been found
Last analyse : 38 minutes ago
No result.
20 vulnerabilities has been found
| # | Total | C | H | M | L | |
|---|---|---|---|---|---|---|
| Composer | 20 | 0 | 4 | 7 | 9 | 0 |
Composer
high Twig has a possible sandbox bypass
Affected versions : >=3.0.0,<3.14.0|>=2.0.0,<2.16.1|>=1.0.0,<1.44.8Patched versions : 1.44.8 2.16.1 3.14.0
https://github.com/advisories/GHSA-6j75-5wfj-gh66
Reported 9/9/24
CVE-2024-45411
low Unguarded calls to __isset() and to array-accesses when the sandbox is enabled
Affected versions : >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.11.2|>=3.12.0,<3.14.1Patched versions : 3.11.2 3.14.1
https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled
Reported 11/6/24
CVE-2024-51755
low Unguarded calls to __toString() when nesting an object into an array
Affected versions : >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.11.2|>=3.12.0,<3.14.1Patched versions : 3.11.2 3.14.1
https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array
Reported 11/6/24
CVE-2024-51754
high Drupal core contains a potential PHP Object Injection vulnerability
Affected versions : >=11.0.0,<11.0.8|>=10.3.0,<10.3.9|>=8.8.0,<10.2.11Patched versions : 10.2.11 10.3.9 11.0.8 10.2.11 10.3.9 11.0.8 10.2.11 10.3.9 11.0.8
https://github.com/advisories/GHSA-w6rx-9g2x-mg5g
Reported 12/10/24
CVE-2024-55637
medium Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability
Affected versions : >=11.1.0,<11.1.3|>=11.0.0,<11.0.12|>=10.4.0,<10.4.3|>=8.0.0,<10.3.13Patched versions : 10.3.13 10.4.3 11.0.12 11.1.3
https://github.com/advisories/GHSA-2qph-q8xw-gv7q
Reported 4/1/25
CVE-2025-31674
medium Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages
Affected versions : >=11.1.0,<11.1.3|>=11.0.0,<11.0.12|>=10.4.0,<10.4.3|>=8.0.0,<10.3.13Patched versions : 10.3.13 10.4.3 11.0.12 11.1.3
https://github.com/advisories/GHSA-39g6-x4x8-5jcm
Reported 4/1/25
CVE-2025-3057
medium Drupal Core Vulnerable to Forceful Browsing
Affected versions : >=11.1.0,<11.1.3|>=11.0.0,<11.0.12|>=10.4.0,<10.4.3|>=8.0.0,<10.3.13Patched versions : 10.3.13 10.4.3 11.0.12 11.1.3
https://github.com/advisories/GHSA-wpp8-fjgf-pwc7
Reported 4/1/25
CVE-2025-31673
medium Drupal core Access bypass
Affected versions : >=11.0.0,<11.0.8|>=10.3.0,<10.3.9|>=8.0.0,<10.2.11Patched versions : 10.2.11 10.3.9 11.0.8 10.2.11 10.3.9 11.0.8 10.2.11 10.3.9 11.0.8
https://github.com/advisories/GHSA-7cwc-fjqm-8vh8
Reported 12/10/24
CVE-2024-55634
medium Drupal Core Cross-Site Scripting (XSS)
Affected versions : >=11.0.0,<11.0.8|>=10.3.0,<10.3.9|>=8.8.0,<10.2.11Patched versions : 10.2.11 10.3.9 11.0.8 10.2.11 10.3.9 11.0.8 10.2.11 10.3.9 11.0.8
https://github.com/advisories/GHSA-8mvq-8h2v-j9vf
Reported 12/10/24
CVE-2024-12393
low Drupal Core Cross-Site Scripting (XSS) Vulnerability
Affected versions : >=11.1.0,<11.1.5|>=11.0.0,<11.0.13|>=10.4.0,<10.4.5|>=8.0.0,<10.3.14Patched versions : 10.3.14 10.4.5 11.0.13 11.1.5
https://github.com/advisories/GHSA-m4wj-hhwj-47qp
Reported 4/1/25
CVE-2025-31675
low Drupal core contains a potential PHP Object Injection vulnerability
Affected versions : >=11.0.0,<11.0.8|>=10.3.0,<10.3.9|>=8.8.0,<10.2.11Patched versions : 10.2.11 10.3.9 11.0.8 10.2.11 10.3.9 11.0.8 10.2.11 10.3.9 11.0.8
https://github.com/advisories/GHSA-938f-5r4f-h65v
Reported 12/10/24
CVE-2024-55636
low Drupal Full Path Disclosure
Affected versions : >=8.0.0,<=11.0.4Patched versions :
https://github.com/advisories/GHSA-mg8j-w93w-xjgc
Reported 8/29/24
CVE-2024-45440
5 drupal/core-recommended —— 11.0.1 +
high Drupal core contains a potential PHP Object Injection vulnerability
Affected versions : >=11.0.0,<11.0.8|>=10.3.0,<10.3.9|>=8.8.0,<10.2.11Patched versions : 10.2.11 10.3.9 11.0.8 10.2.11 10.3.9 11.0.8 10.2.11 10.3.9 11.0.8
https://github.com/advisories/GHSA-w6rx-9g2x-mg5g
Reported 12/10/24
CVE-2024-55637
medium Drupal Core Cross-Site Scripting (XSS)
Affected versions : >=11.0.0,<11.0.8|>=10.3.0,<10.3.9|>=8.8.0,<10.2.11Patched versions : 10.2.11 10.3.9 11.0.8 10.2.11 10.3.9 11.0.8 10.2.11 10.3.9 11.0.8
https://github.com/advisories/GHSA-8mvq-8h2v-j9vf
Reported 12/10/24
CVE-2024-12393
medium Drupal core Access bypass
Affected versions : >=11.0.0,<11.0.8|>=10.3.0,<10.3.9|>=8.0.0,<10.2.11Patched versions : 10.2.11 10.3.9 11.0.8 10.2.11 10.3.9 11.0.8 10.2.11 10.3.9 11.0.8
https://github.com/advisories/GHSA-7cwc-fjqm-8vh8
Reported 12/10/24
CVE-2024-55634
low Drupal Full Path Disclosure
Affected versions : >=8.0.0,<=11.0.4Patched versions :
https://github.com/advisories/GHSA-mg8j-w93w-xjgc
Reported 8/29/24
CVE-2024-45440
low Drupal core contains a potential PHP Object Injection vulnerability
Affected versions : >=11.0.0,<11.0.8|>=10.3.0,<10.3.9|>=8.8.0,<10.2.11Patched versions : 10.2.11 10.3.9 11.0.8 10.2.11 10.3.9 11.0.8 10.2.11 10.3.9 11.0.8
https://github.com/advisories/GHSA-938f-5r4f-h65v
Reported 12/10/24
CVE-2024-55636
1 symfony/http-foundation —— v7.1.3 +
low CVE-2024-50345: Open redirect via browser-sanitized URLs
Affected versions : >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7Patched versions : 5.4.46 6.4.14 7.1.7 5.4.46 6.4.14 7.1.7
https://symfony.com/cve-2024-50345
Reported 11/5/24
CVE-2024-50345
high CVE-2024-51736: Command execution hijack on Windows with Process class
Affected versions : >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7Patched versions : 5.4.46 6.4.14 7.1.7 5.4.46 6.4.14 7.1.7
https://symfony.com/cve-2024-51736
Reported 11/5/24
CVE-2024-51736
1 symfony/validator —— v7.1.3 +
low CVE-2024-50343: Incorrect response from Validator when input ends with ` `
Affected versions : >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.43|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.11|>=7.0.0,<7.1.0|>=7.1.0,<7.1.4Patched versions : 5.4.43 6.4.11 7.1.4 5.4.43 6.4.11 7.1.4
https://symfony.com/cve-2024-50343
Reported 8/30/24
CVE-2024-50343
Share
Badge
[](https://audit.security.code-rhapsodie.fr/en/project/01915a71-4001-750d-ad7c-c98dcadce439)
[](https://audit.security.code-rhapsodie.fr/en/project/01915a71-4001-750d-ad7c-c98dcadce439)
[](https://audit.security.code-rhapsodie.fr/en/project/01915a71-4001-750d-ad7c-c98dcadce439)
[](https://audit.security.code-rhapsodie.fr/en/project/01915a71-4001-750d-ad7c-c98dcadce439)