| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| drupal/core | composer | >= 8.0.0, < 10.3.14 | 10.3.14 |
| drupal/core | composer | >= 10.4.0, < 10.4.5 | 10.4.5 |
| drupal/core | composer | >= 11.0.0, < 11.0.13 | 11.0.13 |
| drupal/core | composer | >= 11.1.0, < 11.1.5 | 11.1.5 |

The vulnerability stems from improper sanitization of link field attributes during rendering. The LinkFormatter::render() method is responsible for generating link markup, which would make it the primary location where attribute values need HTML escaping. The security advisory specifically calls out link field attributes as the attack vector, and formatter classes are the standard Drupal mechanism for controlling how field output is rendered. No patch diffs are available, but the vulnerability description combined with Drupal's architecture strongly implicates this rendering pathway.