drupal7 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the drupal7 package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
Cross-site Request Forgery (CSRF)

<7.32-1+deb8u19
  • M
Open Redirect

<7.32-1+deb8u18
  • C
Directory Traversal

<7.32-1+deb8u17
  • C
Deserialization of Untrusted Data

*
  • M
Cross-site Scripting (XSS)

<7.32-1+deb8u17
  • M
Cross-site Scripting (XSS)

<7.32-1+deb8u16
  • C
Improper Input Validation

<7.32-1+deb8u14
  • H
Deserialization of Untrusted Data

<7.32-1+deb8u15
  • C
CVE-2018-7602

<7.32-1+deb8u12
  • M
Files or Directories Accessible to External Parties

<7.32-1+deb8u9
  • H
Incorrect Authorization

<7.6-1
  • C
Improper Input Validation

<7.32-1+deb8u11
  • M
Open Redirect

<7.32-1+deb8u10
  • M
Cross-site Scripting (XSS)

<7.32-1+deb8u10
  • M
Cross-site Scripting (XSS)

<7.32-1+deb8u10
  • M
Incorrect Permission Assignment for Critical Resource

<7.32-1+deb8u10
  • M
Open Redirect

<7.32-1+deb8u9
  • M
Open Redirect

<7.32-1+deb8u2
  • M
Open Redirect

<7.32-1+deb8u2
  • M
Open Redirect

<7.32-1+deb8u8
  • M
Information Exposure

<7.32-1+deb8u8
  • H
Access Restriction Bypass

<7.32-1+deb8u7
  • H
Access Restriction Bypass

<7.32-1+deb8u6
  • H
Security Features

<7.32-1+deb8u6
  • M
Information Exposure

<7.32-1+deb8u6
  • M
Security Features

<7.32-1+deb8u6
  • H
Improper Access Control

<7.32-1+deb8u6
  • H
CVE-2016-3164

<7.32-1+deb8u6
  • M
Cross-site Scripting (XSS)

<7.32-1+deb8u5
  • M
Information Exposure

<7.32-1+deb8u5
  • M
Cross-site Scripting (XSS)

<7.32-1+deb8u5
  • M
Cross-site Request Forgery (CSRF)

<7.32-1+deb8u5
  • H
SQL Injection

<7.32-1+deb8u5
  • M
Information Exposure

<7.32-1+deb8u4
  • M
Improper Input Validation

<7.32-1+deb8u4
  • M
CVE-2015-3233

<7.32-1+deb8u4
  • M
CVE-2015-3232

<7.32-1+deb8u4
  • L
Improper Access Control

<7.32-1+deb8u2
  • M
CVE-2014-9016

<7.32-1+deb8u1
  • M
Access Restriction Bypass

<7.32-1+deb8u1
  • H
SQL Injection

<7.32-1
  • M
Access Restriction Bypass

<7.31-1
  • M
Resource Management Errors

<7.31-1
  • M
Resource Management Errors

<7.31-1
  • L
Cross-site Scripting (XSS)

<7.29-1
  • M
Cross-site Scripting (XSS)

<7.29-1
  • M
Access Restriction Bypass

<7.29-1
  • M
Improper Input Validation

<7.29-1
  • M
Information Exposure

<7.27-1
  • M
Access Restriction Bypass

<7.26-1
  • H
CVE-2014-1475

<7.26-1
  • L
Cross-site Scripting (XSS)

<7.14-1.3
  • M
Cross-site Scripting (XSS)

<7.24-1
  • L
Cross-site Scripting (XSS)

<7.24-1
  • M
Improper Input Validation

<7.24-1
  • M
Cryptographic Issues

<7.24-1
  • M
Arbitrary Code Injection

<7.24-1
  • L
Access Restriction Bypass

<7.11-1
  • M
Cross-site Request Forgery (CSRF)

<7.11-1
  • M
Information Exposure

<7.11-1
  • M
Access Restriction Bypass

<7.14-1.3
  • L
Access Restriction Bypass

<7.14-1.3
  • M
Resource Management Errors

<7.14-2
  • M
Improper Input Validation

<7.14-1.2
  • M
Access Restriction Bypass

<7.14-1.2
  • M
Access Restriction Bypass

<7.14-1.1
  • M
Access Restriction Bypass

<7.14-1.1
  • M
Access Restriction Bypass

<7.14-1
  • M
Access Restriction Bypass

<7.14-1
  • M
Access Restriction Bypass

<7.14-1
  • L
Resource Management Errors

<7.14-1
  • M
Information Exposure

<7.22-1
  • M
Improper Input Validation

<7.14-1
  • M
Cross-site Request Forgery (CSRF)

*
  • H
Access Restriction Bypass

<7.2-1