Headline
GHSA-7cwc-fjqm-8vh8: Drupal core Access bypass
Drupal’s uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2024-55634
Drupal core Access bypass
Moderate severity GitHub Reviewed Published Dec 10, 2024 to the GitHub Advisory Database • Updated Dec 10, 2024
Package
Affected versions
>= 8.0.0, < 10.2.11
>= 10.3.0, < 10.3.9
>= 11.0.0, < 11.0.8
Patched versions
10.2.11
10.3.9
11.0.8
composer drupal/core-recommended (Composer)
>= 8.0.0, < 10.2.11
>= 10.3.0, < 10.3.9
>= 11.0.0, < 11.0.8
>= 8.0.0, < 10.2.11
>= 10.3.0, < 10.3.9
>= 11.0.0, < 11.0.8
Published to the GitHub Advisory Database
Dec 10, 2024
Last updated
Dec 10, 2024