drupal7 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the drupal7 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Improper Input Validation	<7.52-2+deb9u18
M Cross-site Scripting (XSS)	<7.52-2+deb9u17
M Cross-site Scripting (XSS)	<7.52-2+deb9u17
H Link Following	<7.52-2+deb9u16
M Cross-site Scripting (XSS)	<7.52-2+deb9u15
H Directory Traversal	<7.52-2+deb9u14
H Deserialization of Untrusted Data	<7.52-2+deb9u13
H Arbitrary Code Injection	<7.52-2+deb9u13
H Unrestricted Upload of File with Dangerous Type	<7.52-2+deb9u12
M Cross-site Scripting (XSS)	<7.52-2+deb9u12
H Cross-site Request Forgery (CSRF)	<7.52-2+deb9u11
M Open Redirect	<7.52-2+deb9u10
M Cross-site Scripting (XSS)	<7.52-2+deb9u10
M Cross-site Scripting (XSS)	<7.52-2+deb9u10
C Directory Traversal	<7.52-2+deb9u9
M Cross-site Scripting (XSS)	<7.52-2+deb9u8
M Cross-site Scripting (XSS)	<7.52-2+deb9u7
C Improper Input Validation	<7.52-2+deb9u6
H Deserialization of Untrusted Data	<7.52-2+deb9u6
C CVE-2018-7602	<7.52-2+deb9u4
M Files or Directories Accessible to External Parties	<7.52-2+deb9u1
H Incorrect Authorization	<7.6-1
C Improper Input Validation	<7.52-2+deb9u3
M Incorrect Permission Assignment for Critical Resource	<7.52-2+deb9u2
M Cross-site Scripting (XSS)	<7.52-2+deb9u2
M Cross-site Scripting (XSS)	<7.52-2+deb9u2
M Open Redirect	<7.52-2+deb9u2
M Open Redirect	<7.41-1
M Open Redirect	<7.32-1+deb8u2
M Open Redirect	<7.32-1+deb8u2
M Cross-site Scripting (XSS)	<7.52-2+deb9u17
M Open Redirect	<7.52-1
M Information Exposure	<7.52-1
H Access Restriction Bypass	<7.44-1
M Information Exposure	<7.43-1
H Access Restriction Bypass	<7.43-1
H CVE-2016-3164	<7.43-1
H Security Features	<7.43-1
M Security Features	<7.43-1
H Improper Access Control	<7.43-1
M Information Exposure	<7.39-1
M Cross-site Scripting (XSS)	<7.39-1
M Cross-site Scripting (XSS)	<7.39-1
H SQL Injection	<7.39-1
M Cross-site Request Forgery (CSRF)	<7.39-1
M Improper Input Validation	<7.38-1
M Information Exposure	<7.38-1
M CVE-2015-3233	<7.38-1
M CVE-2015-3232	<7.38-1
L Improper Access Control	<7.32-1+deb8u2
M Cross-site Scripting (XSS)	<7.52-2+deb9u17
M Access Restriction Bypass	<7.32-1+deb8u1
M CVE-2014-9016	<7.32-1+deb8u1
H SQL Injection	<7.32-1
M Access Restriction Bypass	<7.31-1
M Resource Management Errors	<7.31-1
M Resource Management Errors	<7.31-1
L Cross-site Scripting (XSS)	<7.29-1
M Access Restriction Bypass	<7.29-1
M Cross-site Scripting (XSS)	<7.29-1
M Improper Input Validation	<7.29-1
M Information Exposure	<7.27-1
M Access Restriction Bypass	<7.26-1
H CVE-2014-1475	<7.26-1
L Cross-site Scripting (XSS)	<7.14-1.3
M Cross-site Scripting (XSS)	<7.24-1
L Cross-site Scripting (XSS)	<7.24-1
M Arbitrary Code Injection	<7.24-1
M Improper Input Validation	<7.24-1
M Cryptographic Issues	<7.24-1
M Information Exposure	<7.11-1
L Access Restriction Bypass	<7.11-1
M Cross-site Request Forgery (CSRF)	<7.11-1
M Access Restriction Bypass	<7.14-1.3
L Access Restriction Bypass	<7.14-1.3
M Resource Management Errors	<7.14-2
M Improper Input Validation	<7.14-1.2
M Access Restriction Bypass	<7.14-1.2
M Access Restriction Bypass	<7.14-1.1
M Access Restriction Bypass	<7.14-1.1
M Access Restriction Bypass	<7.14-1
M Access Restriction Bypass	<7.14-1
M Access Restriction Bypass	<7.14-1
L Resource Management Errors	<7.14-1
L Information Exposure	<7.22-1
M Improper Input Validation	<7.14-1
L Cross-site Request Forgery (CSRF)	*
H Access Restriction Bypass	<7.2-1

Vulnerability

Vulnerable Version

Improper Input Validation

<7.52-2+deb9u18