{
"canonical_id": "drupal--de8979ff41",
"system_id": "drupal",
"display_name": "Drupal",
"category": "cms",
"advisory_mode": "core",
"title": "Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005",
"summary": "<div class=\"field field-name-field-project field-type-entityreference field-label-inline clearfix\"><div class=\"field-label\">Project:&nbsp;</div><div class=\"field-items\"><div class=\"field-item even\"><a href=\"/project/drupal\">Drupal core</a></div></div></div><div class=\"field field-name-drupalorg-sa-date field-type-text field-label-inline clearfix\"><div class=\"field-label\">Date:&nbsp;</div><div class=\"field-items\"><div class=\"field-item even\">2025-November-12</div></div></div><div class=\"field field-name-field-sa-criticality field-type-text field-label-inline clearfix\"><div class=\"field-label\">Security risk:&nbsp;</div><div class=\"field-items\"><div class=\"field-item even\"><a href=\"/security-team/risk-levels\" class=\"moderately-critical\" title=\"AC - Access complexity: Basic or routine (user must follow specific path)\nA - Authentication: None (all/anonymous users)\nCI - Confidentiality impact: No confidentiality impact\nII - Integrity impact: Some data can be modified\nE - Exploit (Zero-day impact): Theoretical or white-hat (no public exploit code or documentation on development exists)\nTD - Target distribution: All module configurations are exploitable\"><strong>Moderately critical</strong> 13\u2009\u2215\u200925 AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All</a></div></div></div><div class=\"field field-name-field-sa-type field-type-text field-label-inline clearfix\"><div class=\"field-label\">Vulnerability:&nbsp;</div><div class=\"field-items\"><div class=\"field-item even\">Denial of Service</div></div></div><div class=\"field field-name-field-affected-versions field-type-text field-label-inline clearfix\"><div class=\"field-label\">Affected versions:&nbsp;</div><div class=\"field-items\"><div class=\"field-item even\">&gt;= 8.0.0 &lt; 10.4.9 || &gt;= 10.5.0 &lt; 10.5.6 || &gt;= 11.0.0 &lt; 11.1.9 || &gt;= 11.2.0 &lt; 11.2.8</div></div></div><div class=\"field field-name-field-sa-cve field-type-text 
field-label-inline clearfix\"><div class=\"field-label\">CVE IDs:&nbsp;</div><div class=\"field-items\"><div class=\"field-item even\">CVE-2025-13080</div></div></div><div class=\"field field-name-field-sa-description field-type-text-long field-label-above\"><div class=\"field-label\">Description:&nbsp;</div><div class=\"field-items\"><div class=\"field-item even\"><p>Drupal Core has a rarely used feature, provided by an underlying library, which allows certain attributes of incoming HTTP requests to be overridden.</p>\n<p>This functionality can be abused in a way that may cause Drupal to cache response data that it should not. This can lead to legitimate requests receiving inappropriate cached responses (cache poisoning).</p>\n<p>This could be exploited in various ways:</p>\n<ul>\n<li>Broken rendering of some pages</li>\n<li>Unstyled or malformatted pages</li>\n<li>Adverse impacts on client-side functionality</li>\n</ul>\n<p>Changes are being made in the underlying library which will mitigate this problem, but in the meantime Drupal core has been hardened to protect against this vulnerability. The authors of the underlying library do not believe it is a source of vulnerabilities in other systems. 
Drupal's use of library leads to an implementation-specific vulnerability, so we've issued this advisory and reserved a CVE ID for the vulnerability in Drupal.</p></div></div></div><div class=\"field field-name-field-sa-solution field-type-text-long field-label-above\"><div class=\"field-label\">Solution:&nbsp;</div><div class=\"field-items\"><div class=\"field-item even\"><p>Install the latest version:</p>\n<ul>\n<li>If you are using Drupal 10.4, update to <a href=\"https://www.drupal.org/project/drupal/releases/10.4.9\" rel=\"nofollow\">Drupal 10.4.9</a>.</li>\n<li>If you are using Drupal 10.5, update to <a href=\"https://www.drupal.org/project/drupal/releases/10.5.6\" rel=\"nofollow\">Drupal 10.5.6</a>.</li>\n<li>If you are using Drupal 11.1, update to <a href=\"https://www.drupal.org/project/drupal/releases/11.1.9\" rel=\"nofollow\">Drupal 11.1.9</a>.</li>\n<li>If you are using Drupal 11.2, update to <a href=\"https://www.drupal.org/project/drupal/releases/11.2.8\" rel=\"nofollow\">Drupal 11.2.8</a>.</li>\n</ul>\n<p>Drupal 11.0.x, Drupal 10.3.x, and below are end-of-life and do not receive security coverage. 
(<a href=\"https://www.drupal.org/psa-2021-06-29\" rel=\"nofollow\">Drupal 8</a> and <a href=\"https://www.drupal.org/psa-2023-11-01\" rel=\"nofollow\">Drupal 9</a> have both reached end-of-life.)</p></div></div></div><div class=\"field field-name-field-sa-reported-by field-type-text-long field-label-above\"><div class=\"field-label\">Reported By:&nbsp;</div><div class=\"field-items\"><div class=\"field-item even\"><ul>\n<li><a href=\"/u/dragos-dumi\" rel=\"nofollow\">Dragos Dumitrescu (dragos-dumi)</a>\n</li><li><a href=\"/u/inzo_\" rel=\"nofollow\">yasser ALLAM (inzo_)</a>\n</li><li><a href=\"/u/nilsdestoop\" rel=\"nofollow\">Nils Destoop (nils.destoop)</a>\n</li><li><a href=\"/u/svendecabooter\" rel=\"nofollow\">Sven Decabooter (svendecabooter)</a>\n</li><li><a href=\"/u/zhero\" rel=\"nofollow\">zhero</a>\n</li></ul></div></div></div><div class=\"field field-name-field-sa-fixed-by field-type-text-long field-label-above\"><div class=\"field-label\">Fixed By:&nbsp;</div><div class=\"field-items\"><div class=\"field-item even\"><ul>\n<li><a href=\"/u/alexpott\" rel=\"nofollow\">Alex Pott (alexpott)</a> of the Drupal Security Team\n</li><li><a href=\"/u/catch\" rel=\"nofollow\"> catch (catch)</a> of the Drupal Security Team\n</li><li><a href=\"/u/cilefen\" rel=\"nofollow\">cilefen (cilefen)</a> of the Drupal Security Team\n</li><li><a href=\"/u/jenlampton\" rel=\"nofollow\">Jen Lampton (jenlampton)</a>, provisional member of the Drupal Security Team\n</li><li><a href=\"/u/larowlan\" rel=\"nofollow\">Lee Rowlands (larowlan)</a> of the Drupal Security Team\n</li><li><a href=\"/u/longwave\" rel=\"nofollow\">Dave Long (longwave)</a> of the Drupal Security Team\n</li><li><a href=\"/u/mcdruid\" rel=\"nofollow\">Drew Webber (mcdruid)</a> of the Drupal Security Team\n</li><li><a href=\"/u/nilsdestoop\" rel=\"nofollow\">Nils Destoop (nils.destoop)</a>\n</li><li><a href=\"/u/poker10\" rel=\"nofollow\">Juraj Nemec (poker10)</a> of the Drupal Security Team\n</li><li><a 
href=\"/u/ram4nd\" rel=\"nofollow\">Ra M\u00e4nd (ram4nd)</a>, provisional member of the Drupal Security Team\n</li><li><a href=\"/u/xjm\" rel=\"nofollow\">Jess (xjm)</a> of the Drupal Security Team\n</li></ul></div></div></div><div class=\"field field-name-field-sa-coordinated-by field-type-text-long field-label-above\"><div class=\"field-label\">Coordinated By:&nbsp;</div><div class=\"field-items\"><div class=\"field-item even\"><ul>\n<li><a href=\"/u/catch\" rel=\"nofollow\"> catch (catch)</a> of the Drupal Security Team\n</li><li><a href=\"/u/greggles\" rel=\"nofollow\">Greg Knaddison (greggles)</a> of the Drupal Security Team\n</li><li><a href=\"/u/larowlan\" rel=\"nofollow\">Lee Rowlands (larowlan)</a> of the Drupal Security Team\n</li><li><a href=\"/u/longwave\" rel=\"nofollow\">Dave Long (longwave)</a> of the Drupal Security Team\n</li><li><a href=\"/u/mcdruid\" rel=\"nofollow\">Drew Webber (mcdruid)</a> of the Drupal Security Team\n</li><li><a href=\"/u/poker10\" rel=\"nofollow\">Juraj Nemec (poker10)</a> of the Drupal Security Team\n</li><li><a href=\"/u/xjm\" rel=\"nofollow\">Jess (xjm)</a> of the Drupal Security Team\n</li></ul></div></div></div>",
"published_at": "Wed, 12 Nov 2025 18:33:05 +0000",
"updated_at": "Wed, 12 Nov 2025 18:33:05 +0000",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://www.drupal.org/sa-core-2025-005",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"file-upload-validation",
"plugin-extension-trust-policy",
"dependency-upgrade-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"entity_refs": [
{
"entity_id": "drupal",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "drupal",
"official": true
}
],
"affected_components": [
{
"name": "Drupal",
"entity_id": "drupal",
"scope": "core",
"package_name": null,
"official": true
}
],
"affected_version_ranges": [],
"fixed_version_ranges": [],
"introduced_version": null,
"patched_version": null,
"version_evidence_sources": [
"https://www.drupal.org/sa-core-2025-005"
],
"affected_version_refs": [],
"fixed_version_refs": [],
"patched_version_refs": [],
"version_sync_confidence": "low",
"advisory_scope": "core",
"version_confidence": "low",
"version_gap_reason": "official bulletin or aggregated source did not expose explicit affected/fixed versions",
"version_resolution_needed": true,
"workflow": {
"workflow_id": "drupal--de8979ff41--workflow",
"vuln_family": "xss",
"entry_surface": "web-ui-render-path",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: \u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `core`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "editor-or-admin",
"affected_version_assertion": [
"\u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d"
],
"trigger_vector": "\u5bf9 `xss` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/admin/editor",
"/preview",
"/rendered-content"
],
"input_shape": "\u53d7\u63a7 HTML/Markdown/\u5bcc\u6587\u672c\u8f93\u5165\uff0c\u89c2\u5bdf\u6e32\u67d3\u4e0a\u4e0b\u6587\u662f\u5426\u5931\u53bb\u7f16\u7801\u6216\u51c0\u5316\u3002",
"expected_unsafe_behavior": "\u8f93\u5165\u5728\u76ee\u6807\u4e0a\u4e0b\u6587\u6267\u884c\u6216\u88ab\u6d4f\u89c8\u5668\u89e3\u91ca\u4e3a\u4e3b\u52a8\u5185\u5bb9\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `\u53d7\u5f71\u54cd\u7248\u672c\u533a\u95f4` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `\u4fee\u590d\u7248\u672c`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `xss` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "needs-version-gap-review"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "official-image",
"blocked_reason": null,
"metadata": {
"source_names": [
"Drupal Security Advisories RSS"
],
"source_kinds": [
"rss-feed"
],
"candidate_count": 1,
"entity_ref_count": 1,
"advisory_scope": "core",
"version_confidence": "low",
"workflow_id": "drupal--de8979ff41--workflow"
}
}