Fluid Attacks Database

Description

Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution The Contextual Links module doesn't sufficiently validate the requested contextual links. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access contextual links".

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	drupal/core	>=8.0.0 <8.5.8 \|\| >=8.6.0 <8.6.2	8.5.8, 8.6.2

Aliases

1. GCVE-GHSA-7v68-3pr5-h3cr

References

1. https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2018-10-17-5.yaml2. https://www.drupal.org/sa-core-2018-006

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.