CVE-2017-6920
N/A
N/A
Summary
Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Drupal.org | Drupal Core | 8 prior to 8.3.4 | affected |
Weaknesses
- Remote Code Execution
ADP Enrichment
CVE Program Container
Additional References
- https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
- http://www.securityfocus.com/bid/99211
- http://www.securitytracker.com/id/1038781
References
- https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
- http://www.securityfocus.com/bid/99211
- http://www.securitytracker.com/id/1038781
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.