High severityNVD Advisory· Published Feb 16, 2022· Updated Aug 3, 2024
CVE-2022-25271
CVE-2022-25271
Description
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
drupal/corePackagist | >= 9.3.0, < 9.3.6 | 9.3.6 |
drupal/corePackagist | >= 8.0.0, < 9.2.13 | 9.2.13 |
drupal/corePackagist | >= 7.0.0, < 7.88 | 7.88 |
Affected products
3- osv-coords2 versions
>= 7.0.0, < 7.88.0+ 1 more
- (no CPE)range: >= 7.0.0, < 7.88.0
- (no CPE)range: >= 9.3.0, < 9.3.6
- Drupal/Corev5Range: 9.3.x
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-fmfv-x8mp-5767ghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/mitrevendor-advisory
- nvd.nist.gov/vuln/detail/CVE-2022-25271ghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4ghsaWEB
- www.drupal.org/sa-core-2022-003ghsaWEB
News mentions
0No linked articles in our index yet.