vulnerability

Ubuntu: (CVE-2017-6381): drupal7 vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Mar 16, 2017	Jun 26, 2025	Jul 28, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Mar 16, 2017

Added

Jun 26, 2025

Modified

Jul 28, 2025

Description

A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal before 8.2.2. To be sure you aren't vulnerable, you can remove the <siteroot>/vendor/phpunit directory from your production deployments

Solution

no-fix-ubuntu-package

References

CVE-2017-6381
https://attackerkb.com/topics/CVE-2017-6381
URL-https://www.cve.org/CVERecord?id=CVE-2017-6381
URL-https://www.drupal.org/SA-2017-001

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today