Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tZzhqLXc5M3cteGpnY84AA_BD
Drupal Full Path Disclosure
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tZzhqLXc5M3cteGpnY84AA_BD
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 23 days ago
Updated: 17 days ago
Identifiers: GHSA-mg8j-w93w-xjgc, CVE-2024-45440
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-45440
- https://www.drupal.org/project/drupal/issues/3457781
- https://senscybersecurity.nl/CVE-2024-45440-Explained
- https://github.com/advisories/GHSA-mg8j-w93w-xjgc
Affected Packages
packagist:drupal/core
Dependent packages: 770Dependent repositories: 5,293
Downloads: 44,854,545 total
Affected Version Ranges: = 11.x-dev
No known fixed version
All affected versions:
packagist:drupal/core-recommended
Dependent packages: 270Dependent repositories: 2,895
Downloads: 24,778,084 total
Affected Version Ranges: = 11.x-dev
No known fixed version
All affected versions:
packagist:drupal/drupal
Dependent packages: 33Dependent repositories: 158
Downloads: 73,590 total
Affected Version Ranges: = 11.x-dev
No known fixed version
All affected versions: