Drupal Data Processing Errors Vulnerability (CVE-2017-6920)

Description

Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.

Remediation

References

CVE-2017-6920

Related Vulnerabilities

WordPress Plugin Gallery-Video Gallery and Youtube Gallery Multiple Vulnerabilities (2.0.3)

WordPress Plugin Absolute Privacy 'abpr_authenticateUser()' Security Bypass (2.0.5)

WordPress Plugin Shopping Cart & eCommerce Store Unspecified Vulnerability (3.1.9)

Magento CVE-2019-8123 Vulnerability (CVE-2019-8123)

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker Multiple Vulnerabilities (7.3.10)

Severity

Critical

Classification

CVE-2017-6920 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H