Moderate severityNVD Advisory· Published Feb 11, 2022· Updated Aug 4, 2024
Access bypass in Drupal Core 8/9
CVE-2020-13668
Description
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
drupal/corePackagist | >= 8.0.0, < 8.8.10 | 8.8.10 |
drupal/corePackagist | >= 8.9.0, < 8.9.6 | 8.9.6 |
drupal/corePackagist | >= 9.0.0, < 9.0.6 | 9.0.6 |
drupal/drupalPackagist | >= 8.0.0, < 8.8.10 | 8.8.10 |
drupal/drupalPackagist | >= 8.9.0, < 8.9.6 | 8.9.6 |
drupal/drupalPackagist | >= 9.0.0, < 9.0.6 | 9.0.6 |
Affected products
4- osv-coords3 versions
>= 8.8.0, < 8.8.10+ 2 more
- (no CPE)range: >= 8.8.0, < 8.8.10
- (no CPE)range: >= 8.0.0, < 8.8.10
- (no CPE)range: >= 8.0.0, < 8.8.10
- Drupal/Corev5Range: 8.8.x
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-m6q5-wv4x-fv6hghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-13668ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yamlghsaWEB
- github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8ghsaWEB
- github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fbghsaWEB
- github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2ghsaWEB
- www.drupal.org/sa-core-2020-009ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.