drupal7 | Snyk

Direct Vulnerabilities

Known vulnerabilities in the drupal7 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Cross-site Request Forgery (CSRF)	<7.32-1+deb8u19
M Open Redirect	<7.32-1+deb8u18
C Deserialization of Untrusted Data	*
C Directory Traversal	<7.32-1+deb8u17
M Cross-site Scripting (XSS)	<7.32-1+deb8u17
M Cross-site Scripting (XSS)	<7.32-1+deb8u16
C Improper Input Validation	<7.32-1+deb8u14
H Deserialization of Untrusted Data	<7.32-1+deb8u15
C CVE-2018-7602	<7.32-1+deb8u12
M Files or Directories Accessible to External Parties	<7.32-1+deb8u9
H Incorrect Authorization	<7.6-1
C Improper Input Validation	<7.32-1+deb8u11
M Cross-site Scripting (XSS)	<7.32-1+deb8u10
M Open Redirect	<7.32-1+deb8u10
M Incorrect Permission Assignment for Critical Resource	<7.32-1+deb8u10
M Cross-site Scripting (XSS)	<7.32-1+deb8u10
M Open Redirect	<7.32-1+deb8u9
M Open Redirect	<7.32-1+deb8u2
M Open Redirect	<7.32-1+deb8u2
M Information Exposure	<7.32-1+deb8u8
M Open Redirect	<7.32-1+deb8u8
H Access Restriction Bypass	<7.32-1+deb8u7
H Access Restriction Bypass	<7.32-1+deb8u6
H Improper Access Control	<7.32-1+deb8u6
H CVE-2016-3164	<7.32-1+deb8u6
H Security Features	<7.32-1+deb8u6
M Security Features	<7.32-1+deb8u6
M Information Exposure	<7.32-1+deb8u6
M Cross-site Request Forgery (CSRF)	<7.32-1+deb8u5
M Information Exposure	<7.32-1+deb8u5
H SQL Injection	<7.32-1+deb8u5
M Cross-site Scripting (XSS)	<7.32-1+deb8u5
M Cross-site Scripting (XSS)	<7.32-1+deb8u5
M CVE-2015-3232	<7.32-1+deb8u4
M Information Exposure	<7.32-1+deb8u4
M Improper Input Validation	<7.32-1+deb8u4
M CVE-2015-3233	<7.32-1+deb8u4
L Improper Access Control	<7.32-1+deb8u2
M CVE-2014-9016	<7.32-1+deb8u1
M Access Restriction Bypass	<7.32-1+deb8u1
H SQL Injection	<7.32-1
M Access Restriction Bypass	<7.31-1
M Resource Management Errors	<7.31-1
M Resource Management Errors	<7.31-1
M Improper Input Validation	<7.29-1
M Access Restriction Bypass	<7.29-1
L Cross-site Scripting (XSS)	<7.29-1
M Cross-site Scripting (XSS)	<7.29-1
M Information Exposure	<7.27-1
H CVE-2014-1475	<7.26-1
M Access Restriction Bypass	<7.26-1
L Cross-site Scripting (XSS)	<7.14-1.3
M Cross-site Scripting (XSS)	<7.24-1
L Cross-site Scripting (XSS)	<7.24-1
M Improper Input Validation	<7.24-1
M Arbitrary Code Injection	<7.24-1
M Cryptographic Issues	<7.24-1
L Access Restriction Bypass	<7.11-1
M Cross-site Request Forgery (CSRF)	<7.11-1
M Information Exposure	<7.11-1
M Access Restriction Bypass	<7.14-1.3
L Access Restriction Bypass	<7.14-1.3
M Resource Management Errors	<7.14-2
M Access Restriction Bypass	<7.14-1.2
M Improper Input Validation	<7.14-1.2
M Access Restriction Bypass	<7.14-1.1
M Access Restriction Bypass	<7.14-1.1
M Access Restriction Bypass	<7.14-1
L Resource Management Errors	<7.14-1
M Access Restriction Bypass	<7.14-1
M Access Restriction Bypass	<7.14-1
M Information Exposure	<7.22-1
M Improper Input Validation	<7.14-1
M Cross-site Request Forgery (CSRF)	*
H Access Restriction Bypass	<7.2-1

Vulnerability

Vulnerable Version

Cross-site Request Forgery (CSRF)

<7.32-1+deb8u19