{"id":"UBUNTU-CVE-2024-55636","details":"Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so-called gadget chain presents no direct threat, but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.","modified":"2025-09-08T17:05:36Z","published":"2024-12-10T00:15:00Z","upstream":["CVE-2024-55636"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-55636"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2024-55636"}],"affected":[{"package":{"name":"drupal7","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/drupal7@7.26-1ubuntu0.1+esm3?arch=source&distro=esm-infra-legacy/trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["7.23-1","7.24-1","7.24-2","7.26-1","7.26-1ubuntu0.1","7.26-1ubuntu0.1+esm1","7.26-1ubuntu0.1+esm2","7.26-1ubuntu0.1+esm3"],"ecosystem_specific":{"binaries":[{"binary_version":"7.26-1ubuntu0.1+esm3","binary_name":"drupal7"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-55636.json"}},{"package":{"name":"drupal7","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/drupal7@7.44-1ubuntu1~16.04.0+esm3?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["7.38-1","7.41-1","7.44-1ubuntu1~16.04.0","7.44-1ubuntu1~16.04.0+esm1","7.44-1ubuntu1~16.04.0+esm2","7.44-1ubuntu1~16.04.0+esm3"],"ecosystem_specific":{"binaries":[{"binary_version":"7.44-1ubuntu1~16.04.0+esm3","binary_name":"drupal7"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-55636.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}