{"containers": {"cna": {"affected": [{"product": "Drupal Core", "vendor": "Drupal", "versions": [{"status": "affected", "version": "8.2.x versions before 8.2.7"}]}], "datePublic": "2017-03-15T00:00:00", "descriptions": [{"lang": "en", "value": "A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal before 8.2.2. To be sure you aren't vulnerable, you can remove the <siteroot>/vendor/phpunit directory from your production deployments"}], "problemTypes": [{"descriptions": [{"description": "Remote code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-11T09:57:01", "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal"}, "references": [{"name": "1038058", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038058"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.drupal.org/SA-2017-001"}, {"name": "96919", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96919"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@drupal.org", "ID": "CVE-2017-6381", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Drupal Core", "version": {"version_data": [{"version_value": "8.2.x versions before 8.2.7"}]}}]}, "vendor_name": "Drupal"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal before 8.2.2. To be sure you aren't vulnerable, you can remove the <siteroot>/vendor/phpunit directory from your production deployments"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote code execution"}]}]}, "references": {"reference_data": [{"name": "1038058", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038058"}, {"name": "https://www.drupal.org/SA-2017-001", "refsource": "CONFIRM", "url": "https://www.drupal.org/SA-2017-001"}, {"name": "96919", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96919"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:25:49.286Z"}, "title": "CVE Program Container", "references": [{"name": "1038058", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038058"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.drupal.org/SA-2017-001"}, {"name": "96919", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96919"}]}]}, "cveMetadata": {"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "assignerShortName": "drupal", "cveId": "CVE-2017-6381", "datePublished": "2017-03-16T14:00:00", "dateReserved": "2017-02-28T00:00:00", "dateUpdated": "2024-08-05T15:25:49.286Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C20DAD7-13A7-40F7-B6E0-965DB4E14508", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:alpha10:*:*:*:*:*:*", "matchCriteriaId": "144694E6-3287-4F4D-A687-7F495133DBA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:alpha11:*:*:*:*:*:*", "matchCriteriaId": "581D686B-1061-4271-BEF4-17A429BD666A", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:alpha12:*:*:*:*:*:*", "matchCriteriaId": "E3E45AA6-5FAF-4C63-91F5-0765CE60191A", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:alpha13:*:*:*:*:*:*", "matchCriteriaId": "FE5D81CF-AE7B-4A9C-AD8F-9A19D2AC35DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:alpha14:*:*:*:*:*:*", "matchCriteriaId": "A27535A5-7C4F-4548-A4B8-5FFBD58361D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:alpha15:*:*:*:*:*:*", "matchCriteriaId": "17BC6508-3518-4BB5-B29F-4E6CB6DE9D44", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "8CBB5620-5847-443F-8356-B66EE93A3779", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "3E81260D-E0D2-4FD2-AAED-99945404EB00", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "5A7D34E6-76E0-4BCB-A4C8-9401C7331EF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "201E2EA9-B811-4BB2-867A-6F12DC472911", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "C957B189-10C2-4D42-B5B9-03F7DE287C8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:alpha7:*:*:*:*:*:*", "matchCriteriaId": "A7E21838-CDEC-41B2-AE40-C78DE8984B6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:alpha8:*:*:*:*:*:*", "matchCriteriaId": "639F0284-85D1-40B0-B337-77632E7A664B", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:alpha9:*:*:*:*:*:*", "matchCriteriaId": "5F4B611A-3628-41EA-878D-BF9D6C34AA83", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "856E46E5-1BF3-42F4-AFCB-81275B1EF265", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "B351F769-598F-4E3E-99EA-94A5516995A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "220900E6-5859-4CA9-831E-3FF3C128F060", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:beta12:*:*:*:*:*:*", "matchCriteriaId": "0D55D51E-DE2D-469C-9F9C-F312A02EE921", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:beta13:*:*:*:*:*:*", "matchCriteriaId": "259B5FE7-2808-4F61-B98C-73ECC7F9503C", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:beta14:*:*:*:*:*:*", "matchCriteriaId": "BA263BE6-2088-4E18-914B-96CFAA0093E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:beta15:*:*:*:*:*:*", "matchCriteriaId": "906AED87-8C5C-4214-B5AD-43E5573E357A", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:beta16:*:*:*:*:*:*", "matchCriteriaId": "E150FDA8-5271-465C-8DE0-F44E9FC81E90", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "4E036D4F-BD94-4F77-883C-165B3F0802C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "7A7068F8-810D-4720-9E0E-06DB1DD366ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "443183F6-9EF5-41AE-8AD0-B304BBF1670A", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "58C5EF43-E24F-4BDB-9496-16DE4EEF3E67", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "B00B494B-736A-47A7-ACF3-81368C033086", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "E275F22B-7A46-4107-BE6F-6C4D7EAA46FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "63530139-7EF2-4210-9870-B06175ECBC58", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "ED085089-51D6-4E5C-96E8-CC5C7C55CC97", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "36FC67CE-9C45-4842-81AF-EEAE557D70D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "5FE6AC83-B248-4491-A320-836C65E64D6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "99D7F3C7-3EC6-48D2-A8D5-1F987FD74A20", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "434D4D80-44C0-4278-A09B-005A599F4658", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2CF1BC91-4A24-40FC-8EEC-E4FAD624C2CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "43067661-B562-41BC-B272-8A79075291B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "EA9EF375-AE7C-4900-A992-C635228889E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "53FA0C7F-000A-4CB4-86E3-DEC0C9DCA1BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E39B2B71-C1B8-4A16-88FE-D691CC3C9BE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "535BC461-E9B1-4124-8125-1D9F91CF4F68", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.1.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "06F63C7F-CE02-428D-90CD-05B726C0026D", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F18278D5-A30B-4624-AC64-CA39F92EB8C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B3F72CAF-2BCA-454D-B8AC-951EC566A965", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E0C7CB5D-CE55-4628-957D-3D2C5EE2353B", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C9E1FBB4-D63F-4AA0-ADE3-70527F4D84A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9D2D1BF3-879B-44C5-B3A0-2E91B27BFF29", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2BB7835-2BFD-4182-B112-7E8A9FF2449C", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "80CE2090-A5AF-47B8-BB7D-727FFF093413", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "8B28527E-92CB-4171-8EE3-9187C3F44EC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "3CB85396-4D94-4752-A134-A1644C707777", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "F6802D01-6220-4EBE-B267-10DC14E6D186", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "EAD4EC47-7DD8-443B-8821-DFAE03FE2FD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA084D8B-FEFC-41D5-A384-1DCB297CC1A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "5F5756FE-158A-4194-9E5E-EA918C4A3D1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.2.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "F344F3CE-C45E-4C3A-9F48-DAA0F2A49137", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "45C7BA91-93C2-4615-8A4D-11702FF5A155", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "615DED7F-691F-4EF8-BE82-6E51B4971BFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "467F335F-6FA1-413F-995F-29136658D969", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BABC38A1-0034-4CDE-B580-8026D6E0FE39", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal before 8.2.2. To be sure you aren't vulnerable, you can remove the <siteroot>/vendor/phpunit directory from your production deployments"}, {"lang": "es", "value": "Una libreria de desarrollo de terceros que incluye las dependencias de desarrollo de Drupal 8 es vulnerable a ejecuci\u00f3n remota de c\u00f3digo. Esto se mitiga por la protecci\u00f3n .htaccess predeterminada contra ejecuci\u00f3n de PHP y el hecho de que las dependencias de desarrollo de Composer no est\u00e1n instaladas normalmente. Puede ser vulnerable a \u00e9sto si est\u00e1 ejecutando una versi\u00f3n de Drupal en versiones anteriores a 8.2.2. Para asegurarse de que no es vulnerable, puede quitar el directorio /vendor/phpunit de sus implementaciones de producci\u00f3n"}], "id": "CVE-2017-6381", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-16T14:59:00.300", "references": [{"source": "mlhess@drupal.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96919"}, {"source": "mlhess@drupal.org", "url": "http://www.securitytracker.com/id/1038058"}, {"source": "mlhess@drupal.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.drupal.org/SA-2017-001"}], "sourceIdentifier": "mlhess@drupal.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-829"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}