prod

Drupal 11

8 vulnerabilities in 6 packages has been found

0 abandonned packages has been found



Last analyse : 14 hours ago share

No result.

8 vulnerabilities in 6 packages has been found


high  Twig has a possible sandbox bypass
Affected versions : >=3.0.0,<3.14.0|>=2.0.0,<2.16.1|>=1.0.0,<1.44.8
Patched versions : 1.44.8 2.16.1 3.14.0 https://github.com/advisories/GHSA-6j75-5wfj-gh66
Reported 9/9/24
CVE-2024-45411
low  Unguarded calls to __isset() and to array-accesses when the sandbox is enabled
Affected versions : >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.11.2|>=3.12.0,<3.14.1
Patched versions : 3.11.2 3.14.1 https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled
Reported 11/6/24
CVE-2024-51755
low  Unguarded calls to __toString() when nesting an object into an array
Affected versions : >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.11.2|>=3.12.0,<3.14.1
Patched versions : 3.11.2 3.14.1 https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array
Reported 11/6/24
CVE-2024-51754


low  Drupal Full Path Disclosure
Affected versions : >=8.0.0,<=11.0.4
Patched versions : https://github.com/advisories/GHSA-mg8j-w93w-xjgc
Reported 8/29/24
CVE-2024-45440


low  Drupal Full Path Disclosure
Affected versions : >=8.0.0,<=11.0.4
Patched versions : https://github.com/advisories/GHSA-mg8j-w93w-xjgc
Reported 8/29/24
CVE-2024-45440


low  CVE-2024-50345: Open redirect via browser-sanitized URLs
Affected versions : >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7
Patched versions : 5.4.46 6.4.14 7.1.7 5.4.46 6.4.14 7.1.7 https://symfony.com/cve-2024-50345
Reported 11/5/24
CVE-2024-50345


high  CVE-2024-51736: Command execution hijack on Windows with Process class
Affected versions : >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7
Patched versions : 5.4.46 6.4.14 7.1.7 5.4.46 6.4.14 7.1.7 https://symfony.com/cve-2024-51736
Reported 11/5/24
CVE-2024-51736


low  CVE-2024-50343: Incorrect response from Validator when input ends with ` `
Affected versions : >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.43|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.11|>=7.0.0,<7.1.0|>=7.1.0,<7.1.4
Patched versions : 5.4.43 6.4.11 7.1.4 5.4.43 6.4.11 7.1.4 https://symfony.com/cve-2024-50343
Reported 8/30/24
CVE-2024-50343