High severityNVD Advisory· Published Jun 11, 2021· Updated Aug 4, 2024
CVE-2020-13663
CVE-2020-13663
Description
Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
drupal/corePackagist | >= 8.9.0, < 8.9.1 | 8.9.1 |
drupal/corePackagist | >= 9.0.0, < 9.0.1 | 9.0.1 |
drupal/corePackagist | >= 7.0.0, < 7.72 | 7.72 |
drupal/corePackagist | >= 8.0.0, < 8.8.8 | 8.8.8 |
drupal/drupalPackagist | >= 7.0.0, < 7.72 | 7.72 |
drupal/drupalPackagist | >= 8.0.0, < 8.8.8 | 8.8.8 |
drupal/drupalPackagist | >= 8.9.0, < 8.9.1 | 8.9.1 |
drupal/drupalPackagist | >= 9.0.0, < 9.0.1 | 9.0.1 |
Affected products
4- osv-coords3 versions
>= 7.0.0, < 7.72.0+ 2 more
- (no CPE)range: >= 7.0.0, < 7.72.0
- (no CPE)range: >= 8.9.0, < 8.9.1
- (no CPE)range: >= 7.0.0, < 7.72
- Range: 7.x
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-m648-hpf8-qcjwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-13663ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13663.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13663.yamlghsaWEB
- github.com/drupal/core/commit/5f3c4d80fd77df0cfa87722b446db54040d55693ghsaWEB
- github.com/drupal/core/commit/bc3235dcb5570bbda62ef9547e7604ee060b72c6ghsaWEB
- github.com/drupal/core/commit/faf3243c4ce03bbaab386af2b272b363fd0dfddbghsaWEB
- www.drupal.org/sa-core-2020-004ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.