CVE-2020-13668
Access bypass in Drupal Core 8/9
6.1
MEDIUM
CVSS 3.1
EPSS 0.22%
Description
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
How to fix CVE-2020-13668
To remediate CVE-2020-13668, upgrade the affected package to a fixed version below.
- —upgrade to 8.8.10 or later
- —upgrade to 8.8.10 or later
- —upgrade to 8.8.10 or later
Is CVE-2020-13668 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- >= 8.8.0, < 8.8.10, >= 8.9.0, < 8.9.6, >= 9.0.0, < 9.0.6
- >= 8.0.0, < 8.8.10
- >= 8.0.0, < 8.8.10
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |