drupal/drupal vulnerabilities

Known vulnerabilities in the drupal/drupal package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H Open Redirect	>=7.0, <7.24
H Arbitrary Code Execution	<8.8.12>=8.9.0, <8.9.10>=9.0.0, <9.0.9
M Access Restriction Bypass	>=8.0.0, <8.1.0>=8.1.0, <8.2.0>=8.2.0, <8.3.0>=8.3.0, <8.4.0>=8.4.0, <8.5.0>=8.5.0, <8.6.0>=8.6.0, <8.7.0>=8.7.0, <8.8.0>=8.8.0, <8.8.10>=8.9.0, <8.9.6>=9.0.0, <9.0.6
M Information Disclosure	>=8.0.0, <8.1.0>=8.1.0, <8.2.0>=8.2.0, <8.3.0>=8.3.0, <8.4.0>=8.4.0, <8.5.0>=8.5.0, <8.6.0>=8.6.0, <8.7.0>=8.7.0, <8.8.0>=8.8.0, <8.8.10>=8.9.0, <8.9.6>=9.0.0, <9.0.6
C Cross-site Scripting (XSS)	>=8.0.0, <8.1.0>=8.1.0, <8.2.0>=8.2.0, <8.3.0>=8.3.0, <8.4.0>=8.4.0, <8.5.0>=8.5.0, <8.6.0>=8.6.0, <8.7.0>=8.7.0, <8.8.0>=8.8.0, <8.8.10>=8.9.0, <8.9.6>=9.0.0, <9.0.6
C Cross-site Scripting (XSS)	>=8.0.0, <8.1.0>=8.1.0, <8.2.0>=8.2.0, <8.3.0>=8.3.0, <8.4.0>=8.4.0, <8.5.0>=8.5.0, <8.6.0>=8.6.0, <8.7.0>=8.7.0, <8.8.0>=8.8.0, <8.8.10>=8.9.0, <8.9.6>=9.0.0, <9.0.6
M Cross-site Scripting (XSS)	>=7.0.0, <7.73>=8.0.0, <8.1.0>=8.1.0, <8.2.0>=8.2.0, <8.3.0>=8.3.0, <8.4.0>=8.4.0, <8.5.0>=8.5.0, <8.6.0>=8.6.0, <8.7.0>=8.7.0, <8.8.0>=8.8.0, <8.8.10>=8.9.0, <8.9.6>=9.0.0, <9.0.6
M Access Restriction Bypass	<8.7.11>=8.8.0, <8.8.1
M Denial of Service (DoS)	<8.7.11>=8.8.0, <8.8.1
M Arbitrary File Upload	<8.7.11>=8.8.0, <8.8.1
M Access Control Bypass	<8.5.15>=8.6.0, <8.6.16
M Cross-site Scripting (XSS)	<8.5.15>=8.6.0, <8.6.15
M Arbitrary Code Execution	<8.5.15>=8.6.0, <8.6.15
M Cross-site Scripting (XSS)	>=7.0, <7.65>=8.0.0, <8.5.14>=8.6.0, <8.6.13
H Remote Code Execution (RCE)	<8.5.11>=8.6.0, <8.6.10
H Arbitrary Code Execution	>=7.0.0, <7.6.2>=8.5.0, <8.5.9>=8.6.0, <8.6.6
C Remote Code Execution	>=7.0.0, <7.60>=8.0.0, <8.5.8>=8.6.0, <8.6.2
C Remote Code Execution	>=7.0.0, <7.60>=8.0.0, <8.5.8>=8.6.0, <8.6.2
H Open Redirect	>=7.0.0, <7.60>=8.0.0, <8.5.8>=8.6.0, <8.6.2
C Access Restriction Bypass	>=7.0.0, <7.60>=8.0.0, <8.5.8>=8.6.0, <8.6.2
M Cross-site Scripting (XSS)	>=8.0.0, <8.4.7>=8.5.0, <8.5.2
C Arbitrary Code Execution	<7.59.0>=8.0.0, <8.4.8>=8.5.0, <8.5.3
C Arbitrary Code Execution	>=0.0.0, <7.58>=8.0.0, <8.3.9>=8.4.0, <8.4.6>=8.5.0, <8.5.1
M Cross-site Scripting (XSS)	>=7.0.0, <7.57>=8.0.0, <8.4.5
M Cross-site Scripting (XSS)	>=7.0.0, <7.57>=8.0.0, <8.4.0
M Access Restriction Bypass	>=8.0, <8.4.5
M Link Injection	>=7.0, <7.57
M Access Restriction Bypass	>=7.0, <7.57
H Information Exposure	>=8.4.0, <8.4.5
H Access Restriction Bypass	>=8.4.0, <8.4.5
M Access Restriction Bypass	>=8.0, <8.3.7
M Authentication Bypass	>=8.0, <8.3.7
M Access Restriction Bypass	>=8.0, <8.3.7
M Information Exposure	>=7.0.0, <7.56>=8.0.0, <8.3.4
C Deserialization of Untrusted Data	>=8.0.0, <8.3.4
M Arbitrary File Upload	>=8.0.0, <8.3.4
H Access Restriction Bypass	>=8.3.0, <8.3.1<8.2.8
H Arbitrary Code Execution	>=8.0.0, <8.2.7
H Cross-site Request Forgery (CSRF)	>=8.0.0, <8.2.7
H Access Restriction Bypass	>=8.0.0, <8.2.7
H Cache Poisoning	>=8.0.0, <8.2.3
M Information Exposure	>=8.0.0, <8.2.3
M Denial of Service (DoS)	>=8.0.0, <8.2.3
M Cross-site Scripting (XSS)	>=8.0.0, <8.1.10
M Access Restriction Bypass	>=8.0.0, <8.1.10
M Access Restriction Bypass	>=8.0.0, <8.1.10
H HTTP Header Injection	>=8.0.0, <8.1.7
H Privilege Escalation	>=7.0.0, <7.44
M Information Exposure	>=8.0.0, <8.1.3
H Brute Force	>=6.0.0, <6.38>=7.0.0, <7.43
H Denial of Service (DoS)	>=7.0.0, <7.43>=8.0.0, <8.0.4
M HTTP Header Injection	>=6.0.0, <6.38
H Deserialization of Untrusted Data	>=6.0.0, <6.38
M Information Exposure	>=7.0.0, <7.43>=8.0.0, <8.0.4
H Open Redirect	>=6.0.0, <6.38
H Privilege Escalation	>=6.0.0, <6.38>=7.0.0, <7.43
H Access Restriction Bypass	>=6.0.0, <6.38
H Open Redirect	>=6.0.0, <6.38>=7.0.0, <7.43>=8.0.0, <8.0.4
M Reflected File Download	>=6.0.0, <6.38>=7.0.0, <7.43

Vulnerability

Vulnerable Version

Open Redirect

>=7.0, <7.24

Arbitrary Code Execution

<8.8.12>=8.9.0, <8.9.10>=9.0.0, <9.0.9

Access Restriction Bypass

>=8.0.0, <8.1.0>=8.1.0, <8.2.0>=8.2.0, <8.3.0>=8.3.0, <8.4.0>=8.4.0, <8.5.0>=8.5.0, <8.6.0>=8.6.0, <8.7.0>=8.7.0, <8.8.0>=8.8.0, <8.8.10>=8.9.0, <8.9.6>=9.0.0, <9.0.6

Information Disclosure

>=8.0.0, <8.1.0>=8.1.0, <8.2.0>=8.2.0, <8.3.0>=8.3.0, <8.4.0>=8.4.0, <8.5.0>=8.5.0, <8.6.0>=8.6.0, <8.7.0>=8.7.0, <8.8.0>=8.8.0, <8.8.10>=8.9.0, <8.9.6>=9.0.0, <9.0.6

Cross-site Scripting (XSS)

>=8.0.0, <8.1.0>=8.1.0, <8.2.0>=8.2.0, <8.3.0>=8.3.0, <8.4.0>=8.4.0, <8.5.0>=8.5.0, <8.6.0>=8.6.0, <8.7.0>=8.7.0, <8.8.0>=8.8.0, <8.8.10>=8.9.0, <8.9.6>=9.0.0, <9.0.6

Cross-site Scripting (XSS)

>=8.0.0, <8.1.0>=8.1.0, <8.2.0>=8.2.0, <8.3.0>=8.3.0, <8.4.0>=8.4.0, <8.5.0>=8.5.0, <8.6.0>=8.6.0, <8.7.0>=8.7.0, <8.8.0>=8.8.0, <8.8.10>=8.9.0, <8.9.6>=9.0.0, <9.0.6

Cross-site Scripting (XSS)

>=7.0.0, <7.73>=8.0.0, <8.1.0>=8.1.0, <8.2.0>=8.2.0, <8.3.0>=8.3.0, <8.4.0>=8.4.0, <8.5.0>=8.5.0, <8.6.0>=8.6.0, <8.7.0>=8.7.0, <8.8.0>=8.8.0, <8.8.10>=8.9.0, <8.9.6>=9.0.0, <9.0.6

Access Restriction Bypass

<8.7.11>=8.8.0, <8.8.1

Denial of Service (DoS)

<8.7.11>=8.8.0, <8.8.1

Arbitrary File Upload

<8.7.11>=8.8.0, <8.8.1

Access Control Bypass

<8.5.15>=8.6.0, <8.6.16

Cross-site Scripting (XSS)

<8.5.15>=8.6.0, <8.6.15

Arbitrary Code Execution

<8.5.15>=8.6.0, <8.6.15