{"id":"CVE-2024-55636","details":"Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.\n\nDrupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so-called gadget chain presents no direct threat, but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.","aliases":["BIT-drupal-2024-55636","DRUPAL-CORE-2024-006","GHSA-938f-5r4f-h65v"],"modified":"2026-04-10T05:18:37.061626Z","published":"2024-12-10T00:15:22.540Z","references":[{"type":"ADVISORY","url":"https://www.drupal.org/sa-core-2024-006"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/drupal/drupal","events":[{"introduced":"35c2f3ca5c935f3d8bde15932a712677c9bbd50f"},{"fixed":"2570b33d6e36d5835119b683af0d6a866593276b"},{"introduced":"150df8b6d02131a72a34ec1cb5444c191ae5e407"},{"fixed":"f2093af42504324a1f55ca1783eab5b8a93afaa0"},{"introduced":"140f94ff1051644c4416c7ed30cc5dd1f14507b2"},{"fixed":"3712d59414f556474f990a503c3f7c295f8c719f"}],"database_specific":{"versions":[{"introduced":"8.0.0"},{"fixed":"10.2.11"},{"introduced":"10.3.0"},{"fixed":"10.3.9"},{"introduced":"11.0.0"},{"fixed":"11.0.8"}]}}],"versions":["10.0.0-alpha1","10.0.0-alpha3","10.0.0-alpha4","10.0.0-alpha5","10.1.0-alpha1","10.2.0","10.2.0-alpha1","10.2.0-beta1","10.2.0-rc1","10.2.1","10.2.10","10.2.3","10.2.4","10.2.5","10.2.6","10.2.7","10.2.8","10.2.9","10.3.0-beta1","10.3.0-rc1","10.3.1","10.3.2","10.3.3","10.3.4","10.3.5","10.3.6","10.3.7","10.3.8","11.0.0","11.0.1","11.0.2","11.0.3","11.0.4","11.0.5","11.0.6","11.0.7","8.0.0","8.1.0-beta1","9.0.0-alpha1","9.0.0-alpha2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-55636.json"}}],"schema_version":"1.7.5","severity":
[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}