Remote Code Execution
Affecting drupal/drupal package, versions >=7.0.0, <7.60 || >=8.0.0, <8.5.8 || >=8.6.0, <8.6.2
drupal/drupal is an open source content management platform powering millions of websites and applications.
Affected versions of this package are vulnerable to Remote Code Execution via the contextual links module due to insufficient validation.
drupal/drupal to versions 7.60, 8.5.8, 8.6.2 or higher.
Do your applications use this vulnerable package?
- Nick Booher
- Snyk ID
- 17 Oct, 2018
- 22 Oct, 2018