{"uuid": "84771f06-5993-482a-bc0f-f99792e29afb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-6340", "type": "seen", "source": "https://t.me/arpsyndicate/1406", "content": "#ExploitObserverAlert\n\nCVE-2019-6340\n\nDESCRIPTION: Exploit Observer has 67 entries related to CVE-2019-6340. Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)\n\nFIRST-EPSS: 0.974840000\nNVD-IS: 5.9\nNVD-ES: 2.2", "creation_timestamp": "2023-12-05T06:00:26.000000Z"}