Ra Mã¤Nd

**Name of the Vulnerable Software and Affected Versions** Drupal core versions 8.0.0 through 10.5.8 Drupal core versions 10.6.0 through 10.6.6 Drupal core versions 11.0.0 through 11.2.10 Drupal core versions 11.3.0 through 11.3.6 **Description** Drupal core allows Object Injection due to improperly controlled modification of dynamically-determined object attributes. This issue involves a gadget chain—a sequence of existing code fragments—that can be leveraged to achieve remote code execution or SQL injection if the application deserializes untrusted data via the `unserialize()` function due to a separate vulnerability. This issue is not directly exploitable on its own. **Recommendations** Update versions 8.0.0 through 10.5.8 to 10.5.9. Update versions 10.6.0 through 10.6.6 to 10.6.7. Update versions 11.0.0 through 11.2.10 to 11.2.11. Update versions 11.3.0 through 11.3.6 to 11.3.7.

**Name of the Vulnerable Software and Affected Versions** Drupal versions prior to 10.5.9 Drupal versions prior to 10.6.7 Drupal versions prior to 11.2.11 Drupal versions prior to 11.3.7 **Description** Drupal core's jQuery integration for AJAX modal dialog boxes does not sufficiently sanitize certain options, which can lead to cross-site scripting (XSS), a flaw where malicious scripts are injected into trusted websites. **Recommendations** Update to version 10.5.9 Update to version 10.6.7 Update to version 11.2.11 Update to version 11.3.7

**Name of the Vulnerable Software and Affected Versions** Drupal Material Icons versions prior to 2.0.4 **Description** The Drupal Material Icons module has an authorization issue. Insufficient permissions are added to dialog and autocomplete routes, potentially granting full access to these routes in many situations. This allows for forceful browsing. The module is designed to add icons to CKEditor. **Recommendations** Update to version 2.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal versions 8.0.0 through 10.4.9 Drupal versions 10.5.0 through 10.5.6 Drupal versions 11.0.0 through 11.1.9 Drupal versions 11.2.0 through 11.2.8 **Description** A flaw exists in Drupal core that allows for content spoofing through a user interface misrepresentation of critical information. This issue impacts the display of content within the application. **Recommendations** Update Drupal core to version 10.4.9 or later. Update Drupal core to version 10.5.6 or later. Update Drupal core to version 11.1.9 or later. Update Drupal core to version 11.2.8 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal versions 8.0.0 through 10.4.9 Drupal versions 10.5.0 through 10.5.6 Drupal versions 11.0.0 through 11.1.9 Drupal versions 11.2.0 through 11.2.8 **Description** An improper check for unusual or exceptional conditions exists in Drupal core, allowing for forceful browsing. This issue impacts the software's ability to handle unexpected input or situations, potentially leading to unauthorized access or information disclosure. **Recommendations** Update Drupal core to version 10.4.9 or later. Update Drupal core to version 10.5.6 or later. Update Drupal core to version 11.1.9 or later. Update Drupal core to version 11.2.8 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal versions 8.0.0 through 10.4.9 Drupal versions 10.5.0 through 10.5.6 Drupal versions 11.0.0 through 11.1.9 Drupal versions 11.2.0 through 11.2.7 **Description** Drupal core contains an improperly controlled modification of dynamically-determined object attributes, leading to Object Injection. This allows for potential manipulation of objects within the system. **Recommendations** Update Drupal core to version 10.4.9 or later. Update Drupal core to version 10.5.6 or later. Update Drupal core to version 11.1.9 or later. Update Drupal core to version 11.2.8 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal Protected Pages versions 0.0.0 through 1.7.9 **Description** A flaw exists in Drupal Protected Pages that allows for excessive authentication attempts, potentially leading to brute force attacks. This issue impacts the Protected Pages module. **Recommendations** Update to Protected Pages version 1.8.0 or later.