GHSA-52jr-x6h6-xj6g: Drupal core vulnerable to improper error handling

Under certain uncommon site configurations, a bug in the CKEditor 5 module can cause some image uploads to move the entire webroot to a different location on the file system. This could be exploited by a malicious user to take down a site.

The issue is mitigated by the fact that several non-default site configurations must exist simultaneously for this to occur.

CVE-2024-11942

Moderate severity • GitHub Reviewed • Published Dec 5, 2024 to the GitHub Advisory Database • Updated Dec 5, 2024

Package

Affected versions

>= 10.0.0, < 10.2.10

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-11942
  • https://www.drupal.org/sa-core-2024-002
