Synology-SA-19:30 Drupal
Publish Time: UTC+8
Last Updated: UTC+8
- Severity
- Not affected
- Status
- Resolved
Abstract
None of Synology products are affected by CVE-2019-6342 as this vulnerability only affects Drupal 8.7.4.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| Drupal8 | Not affected | N/A |
| Drupal | Not affected | N/A |
Mitigation
None
Detail
- CVE-2019-6342
- Severity: Not affected
- CVSS3 Base Score: 0.0
- CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
- An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.
Reference
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2019-07-19 | Initial public release. |
| 2 | 2021-04-12 | Disclosed vulnerability details. |