- Description
- Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so-called gadget chain presents no direct threat, but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.
- Source
- mlhess@drupal.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- mlhess@drupal.org
- CWE-915
CVE-2024-55636 Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 1… https://t.co/m7Ccpnu6Yh
@CVEnew
10 Dec 2024
CVE-2024-55636 Object Injection Vulnerability in Drupal Core Deserialization A Deserialization of Untrusted Data vulnerability exists in Drupal Core. This issue leads to Object Injection. It affects Drupal Core ... https://t.co/PvybDtw0S2
@VulmonFeeds
10 Dec 2024