FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

drupal -- Drupal Core - Multiple Vulnerabilities

Affected packages
drupal7 < 7.56
drupal8 < 8.3.4


VuXML ID 4fc2df49-6279-11e7-be0f-6cf0497db129
Discovery 2017-06-21
Entry 2017-07-06

Drupal Security Team Reports:

CVE-2017-6920: PECL YAML parser unsafe object handling.

CVE-2017-6921: File REST resource does not properly validate

CVE-2017-6922: Files uploaded by anonymous users into a private file system can be accessed by other anonymous users.


CVE Name CVE-2017-6920
CVE Name CVE-2017-6921
CVE Name CVE-2017-6922