VYPR
Moderate severityNVD Advisory· Published Aug 29, 2024· Updated Apr 21, 2025

CVE-2024-45440

CVE-2024-45440

Description

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
drupal/drupalPackagist
>= 10.3.0, < 10.3.610.3.6
drupal/drupalPackagist
>= 11.0.0, < 11.0.511.0.5
drupal/core-recommendedPackagist
>= 10.3.0, < 10.3.610.3.6
drupal/core-recommendedPackagist
>= 11.0.0, < 11.0.511.0.5
drupal/corePackagist
>= 10.3.0, < 10.3.610.3.6
drupal/corePackagist
>= 11.0.0, < 11.0.511.0.5
drupal/drupalPackagist
>= 8.0.0, < 10.2.910.2.9
drupal/core-recommendedPackagist
>= 8.0.0, < 10.2.910.2.9
drupal/corePackagist
>= 8.0.0, < 10.2.910.2.9

Affected products

4

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.