UNKNOWNCVE-2025-13081

Drupal core allows Object Injection

Platform

drupal

Component

drupal

Fixed in

10.4.9

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.

How to fix

Actualice Drupal core a la última versión disponible. Específicamente, actualice a la versión 10.4.9, 10.5.6, 11.1.9 o 11.2.8, o una versión posterior. Esto solucionará la vulnerabilidad de inyección de objetos.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free