CVE-2024-55637

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 10, 2024
Updated: Dec 16, 2024
CWE ID 915

Summary

CVE-2024-55637 is a Deserialization of Untrusted Data vulnerability affecting Drupal Core versions 8.0.0 to 10.2.11, 10.3.0 to 10.3.9, and 11.0.0 to 11.0.8. Drupal Core contains a series of methods that form a gadget chain, which allows Object Injection. The chain is not exploitable on its own, but it can be used to achieve remote code execution if another vulnerability permits the deserialization of untrusted data.
