CVE-2017-6920

Summary

Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.

Affected Software

VendorProductVersion RangeStatus
Drupal.orgDrupal Core8 prior to 8.3.4affected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

References