Max CVSS | 6.8 | Min CVSS | 5.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2017-6377 | 5.0 |
When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.
|
03-10-2019 - 00:03 | 16-03-2017 - 14:59 | |
CVE-2017-6381 | 6.8 |
A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies
|
03-10-2019 - 00:03 | 16-03-2017 - 14:59 | |
CVE-2017-6379 | 5.1 |
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
|
12-07-2017 - 01:29 | 16-03-2017 - 14:59 |