Description

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.

Remediation

References

CVE-2020-13668

Related Vulnerabilities

WordPress Plugin Quotes Collection Cross-Site Scripting (2.0.5)

WordPress Plugin All-in-One WP Migration Remote Code Execution (2.0.2)

PHP Out-of-bounds Read Vulnerability (CVE-2019-11042)

Three.js Uncontrolled Resource Consumption Vulnerability (CVE-2020-28496)

Oracle Database Server CVE-2009-1991 Vulnerability (CVE-2009-1991)

Severity

Medium

Classification

CVE-2020-13668 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities