CVE-2017-6920

State: PUBLISHED · Published: 2018-08-06 · Updated: 2024-09-16 · Assigner: drupal

Description

Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.

CWE

(none)

Affected

Drupal.org / Drupal Core — v=8 prior to 8.3.4 [affected]

CVSS

(none)

References

https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple x_refsource_CONFIRM
http://www.securityfocus.com/bid/99211 vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1038781 vdb-entry, x_refsource_SECTRACK

Source

cvelistV5-main/cves/2017/6xxx/CVE-2017-6920.json