Lucene search

K

GoogleOSV:GHSA-FMFV-X8MP-5767

HistoryFeb 18, 2022 - 12:00 a.m.

Improper input validation in Drupal core

2022-02-1800:00:37

Google

osv.dev

21

drupal

input validation

vulnerability

forms

attacker

sensitive data

EPSS

0.002

Percentile

55.6%

Drupal core’s form API has a vulnerability where certain contributed or custom modules’ forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4

lists.fedoraproject.org/archives/list/[email protected]/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3

lists.fedoraproject.org/archives/list/[email protected]/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4

nvd.nist.gov/vuln/detail/CVE-2022-25271

www.drupal.org/sa-core-2022-003

EPSS

0.002

Percentile

55.6%

Related for OSV:GHSA-FMFV-X8MP-5767

debiancve1 github1 osv3 cve1 openvas6 ubuntucve1 drupal1 alpinelinux1 veracode1 prion1 cvelist1 nvd1 redos1 nessus6 fedora3