GHSA-jf8c-36vw-98x4: Drupal core Remote Code Execution
In Drupal core, when sending email some variables were not being sanitized for shell arguments in DefaultMailSystem::mail()
, which could lead to remote code execution.
References
Detect and mitigate GHSA-jf8c-36vw-98x4 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →