CVE-2024-55637
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Dec 10, 2024
Updated: Dec 16, 2024
CWE ID 915
Summary
CVE-2024-55637 is a Deserialization of Untrusted Data vulnerability affecting Drupal Core versions 8.0.0 to 10.2.11, 10.3.0 to 10.3.9, and 11.0.0 to 11.0.8. Drupal Core contains a series of methods that form a gadget chain usable for Object Injection. The chain is not exploitable on its own, but it can be used to achieve remote code execution if another vulnerability permits the deserialization of untrusted data.
Affected Products
- Drupal
Affected Vendors
- Drupal