{"uuid": "af103337-7a2b-4790-946b-6c3ab0fe7175", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-6340", "type": "seen", "source": "https://t.me/arpsyndicate/4829", "content": "#ExploitObserverAlert\n\nCVE-2019-6340\n\nDESCRIPTION: Exploit Observer has 160 entries in 16 file formats related to CVE-2019-6340. Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)\n\nFIRST-EPSS: 0.974820000\nNVD-IS: 5.9\nNVD-ES: 2.2\nARPS-PRIORITY: 0.9540601", "creation_timestamp": "2024-04-24T22:03:14.000000Z"}