Remote Code Execution
Affecting drupal/core package, versions >=7.0.0, <7.60 || >=8.0.0, <8.5.8 || >=8.6.0, <8.6.2
drupal/core is an open source content management platform powering millions of websites and applications.
Affected versions of this package are vulnerable to Remote Code Execution via the contextual links module due to insufficient validation.
drupal/core to versions 7.60, 8.5.8, 8.6.2 or higher.
Do your applications use this vulnerable package?
- Nick Booher
- Snyk ID
- 21 Oct, 2018
- 22 Oct, 2018