ByteOS Network

NVD Vulnerability Details :

CVE-2017-6920

Analyzed

Source-mlhess@drupal.org

Published At-06 Aug, 2018 | 15:29

Updated At-04 Oct, 2018 | 16:16

Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.0

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

The Drupal Association

>>drupal>>Versions from 8.0.0(inclusive) to 8.3.4(exclusive)

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-19	Primary	nvd@nist.gov

CWE ID: CWE-19

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/99211	mlhess@drupal.org	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038781	mlhess@drupal.org	Third Party Advisory VDB Entry
https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple	mlhess@drupal.org	Patch Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/99211

Source: mlhess@drupal.org

Resource:

Third Party Advisory

VDB Entry

Hyperlink: http://www.securitytracker.com/id/1038781

Source: mlhess@drupal.org

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple

Source: mlhess@drupal.org

Resource:

Patch

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History