Description

Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.

Remediation

References

CVE-2017-6920

Related Vulnerabilities

PHP Other Vulnerability (CVE-2005-3388)

PHP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-7272)

Internet Information Services Other Vulnerability (CVE-1999-0738)

Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51485)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-35152)

Severity

Critical

Classification

CVE-2017-6920 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities