{"id":"CVE-2024-55638","details":"Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9.\n\nDrupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.","aliases":["BIT-drupal-2024-55638","DRUPAL-CORE-2024-008","GHSA-gvf2-2f4g-jqf4"],"modified":"2026-04-10T05:18:37.076343Z","published":"2024-12-10T00:15:22.770Z","references":[{"type":"ADVISORY","url":"https://www.drupal.org/sa-core-2024-008"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/drupal/drupal","events":[{"introduced":"497914920385b7016ac9c9367e0198530787adf2"},{"fixed":"fa67320cf2109f1102201da5f66fd189c56f8b25"},{"introduced":"35c2f3ca5c935f3d8bde15932a712677c9bbd50f"},{"fixed":"2570b33d6e36d5835119b683af0d6a866593276b"},{"introduced":"150df8b6d02131a72a34ec1cb5444c191ae5e407"},{"fixed":"f2093af42504324a1f55ca1783eab5b8a93afaa0"}],"database_specific":{"versions":[{"introduced":"7.0"},{"fixed":"7.102"},{"introduced":"8.0.0"},{"fixed":"10.2.11"},{"introduced":"10.3.0"},{"fixed":"10.3.9"}]}}],"versions":["10.0.0-alpha1","10.0.0-alpha3","10.0.0-alpha4","10.0.0-alpha5","10.1.0-alpha1","10.2.0","10.2.0-alpha1","10.2.0-beta1","10.2.0-rc1","10.2.1","10.2.10","10.2.3","10.2.4","10.2.5","10.2.6","10.2.7","10.2.8","10.2.9","10.3.0-beta1","10.3.0-rc1","10.3.1","10.3.2","10.3.3","10.3.4","10.3.5","10.3.6","10.3.7","10.3.8","7.0","7.10","7.100","7.101","7.12","7.14","7.15","7.17","7.22","7.23","7.25","7.28","7.30","7.33","7.36","7.37","7.4","7.40","7.42","7.43","7.50","7.51","7.54","7.55","7.56","7.6","7.61","7.64","7.68","7.7","7.71","7.76","7.77","7.79","7.8","7.81","7.83","7.84","7.85","7.87","7.89","7
.9","7.90","7.92","7.93","7.94","7.97","7.98","7.99","8.0.0","8.1.0-beta1","9.0.0-alpha1","9.0.0-alpha2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-55638.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}