CVE-2024-55636

Summary

Drupal core contains a potential PHP Object Injection vulnerability

Severity

low

EPSS

0.9% (p55)

Also known as

GHSA-938f-5r4f-h65v, GHSA-938f-5r4f-h65v#drupal/core, GHSA-938f-5r4f-h65v#drupal/core-recommended, GHSA-938f-5r4f-h65v#drupal/drupal, BIT-drupal-2024-55636, DRUPAL-CORE-2024-006

Published

2024-12-10

References

• https://nvd.nist.gov/vuln/detail/CVE-2024-55636
• https://github.com/drupal/core/commit/17f362b988e6ad6bd5cc1e7e8a7a0804e1536fbc
• https://github.com/drupal/core

Related advisories

• CVE-2026-9082 — critical · Packagist/drupal/core
• GHSA-7v68-3pr5-h3cr — critical · Packagist/drupal/core
• GHSA-6mgp-v5cm-ghg5 — critical · Packagist/drupal/core
• CVE-2018-7602 — critical · Packagist/drupal/core
• CVE-2018-7600 — critical · Packagist/drupal/core
• CVE-2024-55638 — high · Packagist/drupal/core
• CVE-2024-55637 — high · Packagist/drupal/core
• CVE-2024-11941 — high · Packagist/drupal/core

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Summarize with AI

ChatGPTClaudePerplexity