CVE-2022-25271 – drupal/core

Package

Manager: composer
Name: drupal/core
Vulnerable Version: >=9.3.0 <9.3.6 || >=8.0.0 <9.2.13 || >=7.0.0 <7.88

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00305 pctl0.53241

Details

Improper input validation in Drupal core Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.

Metadata

Created: 2022-02-18T00:00:37Z
Modified: 2022-03-01T21:17:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-fmfv-x8mp-5767/GHSA-fmfv-x8mp-5767.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-fmfv-x8mp-5767
Finding: F184
Auto approve: 1