What is the severity of CVE-2020-13671?

The severity of CVE-2020-13671 is high, with a severity value of 8.8.

How does CVE-2020-13671 affect Drupal?

CVE-2020-13671 affects Drupal core versions prior to 9.0.8.

What is the impact of CVE-2020-13671?

The impact of CVE-2020-13671 is the incorrect interpretation of uploaded files, leading to serving files with the wrong MIME type or executing them as PHP.

How do I fix CVE-2020-13671 in Drupal?

To fix CVE-2020-13671 in Drupal, you need to upgrade to Drupal core version 9.0.8.

Where can I find more information about CVE-2020-13671?

You can find more information about CVE-2020-13671 on the Drupal website and the NIST NVD website.

Vulnerability/
CVE-2020-13671

Exploited

high

8.8

CWE

434

18/11/2020

20/11/2020

21/11/2024

CVE-2020-13671: Drupal core Un-restricted Upload of File

First published: Wed Nov 18 2020(Updated: )

Drupal core - Critical - Remote code execution - SA-CORE-2020-012

Credit: mlhess@drupal.org mlhess@drupal.org mlhess@drupal.org

Affected Software	Affected Version	How to fix
composer/drupal/core	>=7.0.0<7.74>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.11>=8.9.0<8.9.9>=9.0.0<9.0.8
composer/drupal/drupal	>=7.0.0<7.74>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.11>=8.9.0<8.9.9>=9.0.0<9.0.8
Drupal Drupal	>=7.0<7.74
Drupal Drupal	>=8.8<8.8.11
Drupal Drupal	>=8.9<8.9.9
Drupal Drupal	>=9.0<9.0.8
Fedoraproject Fedora	=32
Fedoraproject Fedora	=33
Drupal Drupal Core
composer/drupal/drupal	>=9.0.0<9.0.8	9.0.8
composer/drupal/drupal	>=8.9.0<8.9.9	8.9.9
composer/drupal/drupal	>=8.0.0<8.8.11	8.8.11
composer/drupal/drupal	>=7.0.0<7.74	7.74
composer/drupal/core	>=7.0.0<7.74	7.74
composer/drupal/core	>=8.0.0<8.8.11	8.8.11
composer/drupal/core	>=8.9.0<8.9.9	8.9.9
composer/drupal/core	>=9.0.0<9.0.8	9.0.8
debian/drupal7
ubuntu/drupal7	<7.26-1ubuntu0.1+	7.26-1ubuntu0.1+
ubuntu/drupal7	<7.74	7.74
ubuntu/drupal7	<7.44-1ubuntu1~16.04.0+	7.44-1ubuntu1~16.04.0+

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-13671?
The severity of CVE-2020-13671 is high, with a severity value of 8.8.
How does CVE-2020-13671 affect Drupal?
CVE-2020-13671 affects Drupal core versions prior to 9.0.8.
What is the impact of CVE-2020-13671?
The impact of CVE-2020-13671 is the incorrect interpretation of uploaded files, leading to serving files with the wrong MIME type or executing them as PHP.
How do I fix CVE-2020-13671 in Drupal?
To fix CVE-2020-13671 in Drupal, you need to upgrade to Drupal core version 9.0.8.
Where can I find more information about CVE-2020-13671?
You can find more information about CVE-2020-13671 on the Drupal website and the NIST NVD website.

collector/friends-of-php
agent/type
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup
agent/title
agent/severity
agent/weakness
collector/nvd-api
source/NVD
agent/author
collector/github-advisory-latest
source/GitHub
alias/GHSA-68jc-v27h-vhmw
alias/CVE-2020-13671
collector/mitre-cve
source/MITRE
collector/github-advisory
collector/launchpad-cve
source/Launchpad
collector/security-tracker-debian
source/Debian
agent/softwarecombine
exploited/true
collector/cisa-known-exploited
source/CISA
collector/usn-cve
source/Ubuntu
agent/references
agent/description
agent/tags
agent/event
collector/nvd-cve
agent/last-modified-date
agent/trending
package-manager/composer
vendor/drupal
canonical/drupal drupal
version/drupal drupal/7.0
version/drupal drupal/8.8
version/drupal drupal/8.9
version/drupal drupal/9.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/32
version/fedoraproject fedora/33
package-manager/debian
canonical/drupal drupal core